13. Change Log & Release Notes

This document contains a summary of the new features, changes, fixes and known issues in each release of Trusted Firmware-A.

13.1. 2.12.0 (2024-11-19)

The threat model for context management and the asymmetric CPU extension support feature are not available in this release.

13.1.1. ⚠ BREAKING CHANGES

  • Bootloader Images

    • remove unused plat_try_next_boot_source

      See: remove unused plat_try_next_boot_source (2c303e3)

13.1.2. Resolved Issues

  • Architecture

    • Branch Record Buffer Extension (FEAT_BRBE)

      • allow RME builds with BRBE (9890eab)

    • Memory Tagging Extension2

      • improve ENABLE_FEAT_MTE deprecation warning (ba65e2d)

      • remove deprecated CTX_INCLUDE_MTE_REGS/FEAT_MTE (6f2b881)

  • Platforms

    • Allwinner

      • dtb: check for correct error condition (7300a4d)

      • enable dtb modifications for CPU idle states to the rich OS (188a988)

      • remove unneeded header inclusion (8bb8f02)

    • Arm

      • FPGA

        • avoid stripping kernel trampoline (8292f24)

      • FVP

        • add DRAM memory regions that linux kernel can share (18ec9bd)

        • add optee specific mem-size attribute (75265a1)

        • add secure uart interrupt in device region (fc3a01a)

        • enable FEAT_MTE2 (d081c61)

        • fix the FF-A optee manifest by adding the boot info node (bf36351)

        • update the memory size allocated to optee at EL1 (4739372)

      • Neoverse-RD

        • RD-V3

          • remove NEED_* from RD-V3 makefile (a3eef39)

      • TC

        • add SCP_BL2 to RSE measured boot (7984154)

        • add stubs for soc_css_init functions (f5ae5dc)

        • correct CPU PMU binding (7aca660)

        • correct NS timer frame ID for TC (034cc80)

        • don’t enable TZC on TC3 (8ce29a7)

        • enable MTE2 unconditionally (be8eaa5)

        • fix the MHUv3 interrupt name in DT (1bf3325)

        • retain NS timer frame ID for TC2 as 0 (1ba0880)

      • Corstone-1000

        • fix Makefile error reporting (09bf366)

        • clean cache and disable interrupt before system reset (335c4f8)

        • include platform header file (783e5ab)

        • pass spsr value explicitly (32690ba)

        • remove unused NS_SHARED_RAM region (83c11c0)

        • update memory layout comments (d7417ad)

    • Aspeed

      • AST2700

        • fix mpll calculate statement (aa09622)

    • HiSilicon

      • Poplar

        • shutdown wdt0 before powering off (88bc65d)

        • use sysctrl module to reset (c961e68)

    • Intel

      • add cache invalidation during BL31 initialization (3c640c1)

      • add in JTAG ID for Linux FCS (ea906b9)

      • add in missing ECC register (4683946)

      • add in watchdog for QSPI driver (6704cba)

      • bridge ack timing issue causing fpga config hung (9a402d2)

      • correct macro naming (815245e)

      • f2sdram bridge quick write thru failed (64cf9de)

      • fix bridge enable and disable function (90f5283)

      • fix CCU for cache maintenance (f06fdb1)

      • flush L1/L2/L3/Sys cache before HPS cold reset (7ac7dad)

      • implement soc and lwsoc bridge control for burst speed (a8d81d6)

      • refactor SDMMC driver for Altera products (beba204)

      • remove redundant BIT_32 macro (7985ade)

      • software workaround for bridge timeout (e08039d)

      • update Agilex5 BL2 init flow and other misc changes (b3d2850)

      • update Agilex5 warm reset subroutines (c1253b2)

      • update all the platforms hand-off data offset value (1838a39)

      • update CCU configuration for Agilex5 platform (09330a4)

      • update mailbox SDM printout message (569a03c)

      • update memcpy to memcpy_s (e264b55)

      • update outdated code for Linux direct boot (21a01da)

      • update preloaded_bl33_base for legacy product (f29765f)

      • update sip smc config addr for agilex5 (7c72dfa)

      • update the size with addition 0x8000 0000 base (9978a3f)

    • Marvell

      • Armada

        • A3K

          • reset GIC before resetting via CM3 secure coprocessor (5993af4)

    • MediaTek

      • MT8188

        • remove BL32 region protection if SPD sets to none (207c447)

    • NXP

      • i.MX

        • disable DRAM retention by default on i.MX8MQ (108146c)

        • i.MX 8M

          • 8mq: enable imx_hab_handler (af79981)

          • ensure domain permissions for the console (f7434fa)

      • S32G274A

        • avoid overwriting const fields (bf01296)

        • workaround for ERR051700 erratum (b47d085)

    • QEMU

      • allocate space for GPT bitlock (e9bcbd7)

      • exclude GPT reserve from BL32_MEM_SIZE (7604288)

      • fix build error with spmd (1b1b40a)

      • fix EL3-SPMC data store alignment (eee52da)

      • fix L0 GPT page table mapping (147b1a6)

      • remove validate_ns_entrypoint (e5362e2)

      • update rmmd_attest_get_platform_token() (9248ee0)

    • Raspberry Pi

      • Raspberry Pi 3

        • manually populate CNTFRQ reg (11dff59)

        • use correct define for GPIO reg_clr (9876baf)

    • Rockchip

      • add parenthesis for BITS_SHIFT macro (901e94e)

      • fix “unexpected token” error with clang (52cdebb)

      • xlat: fix compatibility between v1 and v2 (d43a2e8)

    • ST

      • set no-pie option when building ST elf file (6d26d75)

      • support device tree DDR sizes higher than 16Gbits for aarch64 (cd9c92c)

      • STM32MP1

        • remove unnecessary assert on GPIO_BANK_A value (5c45768)

        • skip OP-TEE header check if image base is NULL (b452e7a)

      • STM32MP2

        • enable timer earlier in BL31 (16a659d)

        • remove mapping of BL2 DT area (60d0758)

        • set PLAT_MAX_PWR_LVL to one (747d85e)

        • use TOOL_ADD_IMG_PAYLOAD for BL31 DT (f15f1c6)

    • Xilinx

      • avoid altering function parameters (b21e287)

      • dcc to support runtime console scope (238eb54)

      • declare unused parameters as void (d3bb350)

      • explicitly check operators precedence (8e9a5a5)

      • fix comment about MEM_BASE/SIZE (1e2a5e2)

      • fix logic to read ipi response (03fa6f4)

      • fix OVERRUN coverity violation (e27b949)

      • handle power down event if SGI not registered (c3ffa4c)

      • map PMC_GPIO device node to interrupt for wakeup source (692d32b)

      • modify conditions to have boolean type (e223037)

      • optimize logic to read IPI response (02943d0)

      • register for idle callback (a3b0a34)

      • rename variable to avoid conflict (aba5bf9)

      • warn if reserved memory pre-exists in DT (729477f)

      • Versal

        • add const qualifier (0f9f557)

        • add external declaration (16c611f)

        • declare unused parameters as void (ab9aab3)

        • evaluate condition for boolean (b39c82e)

        • explicitly check operators precedence (0ed8b4b)

        • kernel QEMU boot is failing on versal platform (8e5252f)

        • modify conditions to have boolean type (1247566)

        • remove check for bl32 load address (4c9ae8a)

        • variable conflicting with external linkage (e452826)

      • Versal NET

        • evaluate condition for boolean (37c46d8)

        • declare unused parameters as void (06f63f4)

        • explicitly check operators precedence (a4ddd24)

        • ignore the unused function return value (aa6df8e)

        • modify conditions to have boolean type (83c3c36)

        • remove check for bl32 load address (c38ced2)

        • variable conflicting with external linkage (4d2b4e4)

      • ZynqMP

        • add const qualifier (bb145c9)

        • add external declaration (6c08d1d)

        • declare unused parameters as void (1c43e36)

        • evaluate condition for boolean (aaf6e76)

        • explicitly check operators precedence (5b54231)

        • handle secure SGI at EL1 for OP-TEE (f5b2fa9)

        • ignore the unused function return value (355ccf8)

        • modify conditions to have boolean type (a42e6e4)

        • variable conflicting with external linkage (eda23fa)

    • AMD

      • Versal Gen 2

        • add const qualifier (a0745f2)

        • add external declaration (17a8f41)

        • add ufs specific features support (b9c20e5)

        • correct the UFS clock rates (b048601)

        • declare unused parameters as void (851df3c)

        • explicitly check operators precedence (15a9e38)

        • ospi data integrity cases are failing (a147362)

        • update check for TRANSFER_LIST macro (7d09198)

        • variable conflicting with external linkage (ca39fd4)

    • Nuvoton

      • fix MMU mapping settings (0a1df64)

  • Services

    • RME

      • RMMD

        • continue boot if rmmd_setup fails (fdd8a24)

        • fail gracefully if RME is not enabled (eacbef4)

        • handle RMMD manifest loading failure (0c70781)

        • ignore SMC FID when RMM image is not present (adcd74c)

        • remove the assert check for RMM_BASE (8cb9c63)

    • SPM

      • EL3 SPMC

        • use write_el1_ctx_timer() macro to set cntkctl_el1 value (19082c2)

      • SPMD

        • remove spmd_handle_spmc_message (6c378c2)

      • SPM MM

        • carve out NS buffer TZC400 region (1922875)

    • DRTM

      • do cache maintenance before launching DLME (23378ae)

      • return proper values for DRTM get and set error SMCs (5e1fa57)

  • Libraries

    • CPU Support

      • modify the fix for Cortex-A75 erratum 764081 (7f152ea)

      • workaround for Cortex-A720 erratum 2792132 (b1bde25)

      • workaround for Cortex-A720 erratum 2844092 (1214090)

      • workaround for Cortex-X4 erratum 2816013 (1e4480b)

      • workaround for Cortex-X4 erratum 2897503 (609d08a)

      • workaround for Cortex-X4 erratum 3076789 (db7eb68)

      • workaround for Cortex-A520(2938996) and Cortex-X4(2726228) (4a97ff5)

    • EL3 Runtime

      • correct CASSERT for cpu data size (483dc2e)

    • PSCI

      • fix parent parsing in psci_is_last_cpu_to_idle_at_pwrlvl (01959a1)

    • ROMlib

      • prevent race condition on the build directory (25cde5f)

      • wrap indirectly included functions (d95d56b)

    • GPT

      • fix GPT library fill_l1_tbl() function (d024cce)

      • fix RME GPT library bug (6350aea)

    • Translation Tables

      • correct attribute retrieval in a RME enabled system (e3c0869)

    • Authentication

      • check the presence of the policy check function (491832f)

      • correct RSE_CRYPTO_EXPORT_PUBLIC_KEY_SID (759994a)

      • remove the bl2 static c file (ac106f2)

      • mbedTLS

        • fix error return code for calc_hash (885bd91)

        • sign verification issue with invalid Key/Signature (7731465)

        • add extra hash config to validate ROTPK (014975c)

      • mbedTLS-PSA

        • fix P-384 PSA key signature verification (12a8e95)

    • GUID Partition Tables Support

      • fix unaligned access in load_mbr_header() (21a77e0)

    • Arm

      • GIC

        • GICv3

          • fix GITS_CTLR.Quiescent bit definition (2da29d2)

          • incorrect impdef power down sequence (b1925dc)

          • wait rwp when gicr_ctrl.enablelpis from 1 to 0 (66668c7)

      • MHU

        • fix compilation error with ENABLE_ASSERTIONS=0 option (e2e8a39)

      • RSE

        • include lib-psa to resolve build (654ae70)

    • NXP

      • SFP

        • shift gpio register offsets by 2 (d30312a)

      • Clock

        • broken UART clock initialization (f8490b8)

        • function parameter should not be modified (8ee0fc3)

    • ST

      • Clock

        • adapt order of CSS on LSE and HSE (eca5103)

        • display proper PLL number for STM32MP13 (039b7d4)

        • do not reconfigure LSE (f4a2bb9)

      • DDR

        • fix coverity issue in ddrphyinit (5dd1d54)

        • move skipddc_dat definition (13cc1a5)

      • GPIO

        • configure each GPIO mux as secure for STM32MP2 (179a130)

  • Miscellaneous

    • DT Bindings

      • update STM32MP2 clock and reset bindings (8522909)

    • FDTs

      • reserved memory: detect existing region (4248806)

    • SDEI

      • fix a crash when attempting to bind more events than are available (4096bd6)

  • Documentation

    • fix CPU type for mt8195 (65ada75)

    • fix the example command for doc build (9db2b05)

    • point poetry readthedocs virtual env (5383a88)

    • refactor poetry dependency group (4a29299)

    • replace “ARM-TF” with “TF-A” in diagrams (c4067a9)

  • Build System

    • correct feature assignment for ARM v8.8 compliance (94ff1d9)

    • ensure $(ROT_KEY) depends on correct directory rules (7a95759)

    • fix incorrectly-escaped armlink preprocessor definitions (df52e26)

    • pass the PLAT option during FIP tool compilation (40469bf)

    • string split into two lines causing error (4f32179)

  • Tools

    • fiptool

      • update the fiptool and certtool to fix POSIX build (ccbfd01)

  • Dependencies

    • checkpatch

      • detect issues in commit message (1a72174)

13.1.3. New Features

  • Architecture

    • Fine-grained Traps 2 (FEAT_FGT2).

      • add support for FEAT_FGT2 (33e6aaa)

    • CPU feature / ID register handling in general

      • add ENABLE_FEAT_LS64_ACCDATA (19d52a8)

      • add new feature state for asymmetric features (43d1d95)

      • upgrade PMU to v8 (FEATURE_DETECTION) (515d2d4)

    • Debug Extension (FEAT_Debugv8p9)

      • add support for FEAT_Debugv8p9 (83271d5)

    • Statistical profiling Extension (FEAT_SPE)

      • introduce spe_disable() function (651fe50)

    • Trace Buffer Extension (FEAT_TRBE)

      • introduce trbe_disable() function (b36e975)

    • Extension to SCTLR_ELx (FEAT_SCTLR2)

      • enable FEAT_SCTLR2 for Realm world (b17fecd)

      • add support for FEAT_SCTLR2 (4ec4e54)

    • 128-bit Translation Tables (FEAT_D128)

      • add support for FEAT_D128 (3065513)

    • Translation Hardening Extension (FEAT_THE)

      • add support for FEAT_THE (6d0433f)

  • Platforms

    • Allwinner

      • adjust H616 L2 cache size in DTB (ee5b26f)

      • h616: add I2C PMIC support (0444589)

      • h616: add support for AXP313 PMIC (0385136)

      • h616: add support for AXP717 PMIC (646d06b)

    • Arm

      • Common

        • add support for loading CONFIG from BL2 (973e0b7)

        • add fw handoff support for RESET_TO_BL31 (1a0ebff)

        • correct the RESET_TO_BL31 x1 handoff arg (5da68cc)

        • load dt before updating entry point (c1c406a)

        • move HW_CONFIG relocation into BL31 (fe94a21)

        • remove critical handoff code from assert (cca1b72)

        • makefile invoke CoT dt2c (0e0fab0)

        • generate tbbr c file CoT dt2c (479c833)

        • add COT_DESC_IN_DTB option for Dualroot (731ac5e)

      • FPGA

        • enable new CPU features (1920a32)

      • FVP

        • change UART0-1 to NS device region (cd656a5)

        • add Cactus partition manifest for EL3 SPMC (5134623)

        • add cpu power control (d38c64d)

        • add Dualroot CoT in DTB support (0af86f0)

        • add flash areas for secure partition (9fb7676)

        • add SPM manifest for OP-TEE at S-EL1 without S-EL2/Hafnium (41d73bf)

        • allow SIMD context to be put in TZC DRAM (b4c23ad)

        • fdts: add stdout-path to the Foundation FVPs (2faccab)

        • replace managed-exit with ns-interrupts-action (887cec9)

        • scale SP_MIN max size based on SRAM size (3b5eca9)

        • update FF-A version to v1.1 supported by optee (4f37e1e)

        • remove duplicate jumptable entry (180a3a9)

      • Neoverse-RD

        • add a routine to update NT_FW_CONFIG in BL31 (c6b27c4)

        • add CSS definitions for third gen platforms (6d52713)

        • add DRAM layout for third gen platforms (10eb4c4)

        • add firmware definitions for third gen platforms (e517ccf)

        • add MHUv3 channels on third gen multichip platforms (47348b1)

        • add MHUv3 doorbell channels on third gen platforms (46d474f)

        • add multichip pas entries (c72e9dc)

        • add pas definitions for third gen platforms (896e9aa)

        • add RoS definitions for third gen platforms (fad5a20)

        • add scope for RD-Fremont variants (84973bb)

        • add SRAM layout for third gen platforms (5a37d68)

        • allow RESET_TO_BL31 for third gen platforms (4abcfd8)

        • enable RESET_TO_BL31 for RD-V3 (527fc46)

        • RD-V3

          • add DRAM pas entries in pas table for multichip (6a9cf0e)

          • add implementation for GPT setup (0876c74)

          • add support for measured boot at BL1 and BL2 (6182950)

          • add support for RD-Fremont (c0513e0)

          • add support for RD-Fremont-Cfg1 (6a0cb48)

          • add support for RD-Fremont-Cfg2 (eedb2d8)

          • enable AMU if present on the platform (faf98b3)

          • enable MPAM if present on the platform (e951985)

          • enable MTE2 if present on the platform (f801377)

          • enable SVE for SWD and NS (7e2736b)

          • fetch attestation key and token from RSE (0e323ec)

          • helper to initialize rse-comms with AP-RSE MHUv3 (2a35fcd)

          • initialize GPT on GPC SMMU block (ba35fac)

          • initialize the rse comms driver (f546113)

          • integrate DTS files for RD-Fremont variants (1b96641)

          • update Root registers page offset for SMMUv3 (859355f)

          • set CTX_INCLUDE_SVE_REGS build flag for RD-V3 variants (1551834)

      • TC

        • add default SLC policy for the gpu (bebefe0)

        • add device tree binding for SPE (77080f6)

        • add device tree binding for TC4 (3cedc47)

        • add DSU PMU node for tc3 (d3ae677)

        • add dts entries for MCN PMU nodes (1401a42)

        • add MHUv3 addresses between RSS and AP (5ab7a2f)

        • add MHUv3 doorbell support on TC3 (4f65c0b)

        • add MHUv3 DT binding for TC3 (6c069e7)

        • add MHUv3 register addresses for TC4 (36ffe3e)

        • add new TC4 RoS definitions (e9e83e9)

        • add NI-Tower PMU node for TC3 (169eb7d)

        • add PPI partitions in DT binding (ebc991b)

        • add system generic timer register definition for TC4 (d6b6a8b)

        • add uart node in spmc manifest (880dcd0)

        • allow TARGET_VERSION=4 (e8e1b60)

        • bind DPU SMMU on TC4 (e365479)

        • bind GPU SMMU on TC4 (11ec5de)

        • bind SCMI over MHUv3 for TC3 (f2596ff)

        • bind SMMU-600 with the DPU on TC3 FPGA (4c6960c)

        • bind SMMU-700 with DPU on TC3 (0458d3a)

        • change GIC DT property ‘interrupt-cells’ to 4 (1300bbc)

        • configure MCN rdalloc and wralloc mode (bb04d02)

        • enable el1 access to DSU PMU registers (de8b9ce)

        • enable Last-level cache (LLC) (e1b76cb)

        • enable MCN non-secure access to pmu counters on TC3 (adc91a3)

        • enable SME and SME2 options for TC4 (9face21)

        • enable trbe errata flags for Cortex-A520 and X4 (74dc801)

        • make SPE feature asymmetric (7754b77)

        • make TCR2 feature asymmetric (3e8a82a)

        • move flash device to own node (62269d4)

        • provide target_locality info of AP FW components (3201faf)

        • remove static memory used for fwu (25a2fe3)

        • setup ni-tower non-secure access for TC3 (89c58a5)

        • specify MHU version based on platform (04085d6)

        • support full-HD resolution for the FVP model (dd5bf9c)

        • update DT for Drage GPU (b3a4f8c)

      • Corstone-1000

        • add multicore support for fvp (16f4862)

      • Automotive RD

        • RD-1 AE

          • add device tree files (bb7c7e7)

          • enabling Trusted Board Boot (TBB) for RD-1 AE (2638496)

          • introduce Arm RD-1 AE platform (f661c74)

          • introduce BL31 for RD-1 AE platform (daf934c)

    • Aspeed

      • AST2700

        • set up CPU clock frequency by SCU (e3d1bbd)

    • Intel

      • add build option for boot source (ef8b05f)

      • add in SHA384 authentication (cab83c3)

      • add QSPI get devinfo mailbox cmd (8fb1b48)

      • clock manager PLL configuration for Agilex5 platform (e60bedd)

      • direct boot from TF-A to Linux for Agilex (b5c3a3f)

      • enable VAB support for Intel products (3eb5640)

      • pinmux and power manager config for Agilex5 platform (94a546a)

      • update Agilex5 DDR and IOSSM driver (ce21a1a)

      • update BL2 platform specific functions (fa1e92c)

      • update hand-off data to include agilex5 params (6875d82)

    • MediaTek

      • change log level from INFO to VERBOSE (5f2f384)

      • configure DEV_IRQ as G1S interrupt (240a1ec)

      • move plat_helpers.h to the common folder (b741293)

      • MT8186

        • add common and MT8186 TRNG driver (8c1740e)

      • MT8188

        • add MT8188 TRNG driver (b88d1f5)

        • update SVP region ID and permission (fc77c69)

        • update SVP region ID protection flow (e66c4ea)

        • update the memory usage for SCP core0 and core1 (83112aa)

      • MT8192

        • update memory protect region (7587cfd)

      • MT8195

        • update memory protect region (4224783)

    • NXP

      • i.MX

        • add helper to take params from BL2 (7eae1db)

        • i.MX 8M

          • i.MX 8M Nano

            • optionally take params from BL2 (c37a877)

          • i.MX 8M Mini

            • optionally take params from BL2 (11d32b3)

          • i.MX 8M Plus

            • optionally take params from BL2 (3d9fea9)

        • i.MX 9

          • i.MX93

            • optionally take params from BL2 (02d1813)

    • QEMU

      • SBSA

        • handle the information of CPU topology (c891b4d)

    • Renesas

      • R-Car

        • R-Car 3

          • populate kaslr-seed in next stage DT (b9e34d1)

    • Rockchip

      • add RK3566/RK3568 Socs support (9fd9f1d)

      • RK3588

        • enable crypto function (b833bbe)

        • support rk3588 (e3ec6ff)

        • support SCMI for clock/reset domain (04150fe)

    • ST

      • add FWU with boot from NAND (795a559)

      • add stm32mp_is_wakeup_from_standby() (87cd847)

      • manage backup partitions for NAND devices (ae81d48)

      • manage BL31 FCONF load_info struct (aa7f6cd)

      • STM32MP1

        • always boot at 650MHz (f655922)

        • handle DDR power supplies (47e6231)

        • STM32MP15

          • remove OP-TEE shared mem (8dd2a64)

      • STM32MP2

        • add BL2 boot first steps (db77f8b)

        • add BL31 device tree support (27dd11d)

        • add defines for the PWR peripheral (6add715)

        • add fixed regulators support (c3a7534)

        • add fw-config compilation (5af9369)

        • add helper to get DDRDBG base address (2fd7b23)

        • add minimal support for BL31 (03020b6)

        • add RETRAM map/unmap capability (52f530d)

        • add RISAB registers description (631c5f8)

        • boot BL33 at EL1 or EL2 (c900760)

        • disable unsupported features (128df96)

        • display CPU info (381b2a6)

        • enable DDR driver (213a08e)

        • enable DDR sub-system clock (5e0be8c)

        • get chip ID (154e6e6)

        • handle DDR power supplies (e2d6e5e)

        • improve BL31 size management (64e5a6d)

        • initialize gic and delay timer in bl31_plat_arch_setup (77847f0)

        • introduce DDR type compilation flags (d07e946)

        • load FW binaries to DDR (9a0cad3)

        • load fw-config file (a846a23)

        • manage DDR FW via FIP (ae84525)

        • print board info (cdaced3)

    • Texas Instruments

      • implement DM_MANAGED suspend (9b7550f)

    • Xilinx

      • add feature check function for TF-A specific APIs (9a0f5d1)

      • add none console (6d41398)

      • remove PM_IOCTL and PM_QUERY_DATA APIs (924f8ce)

      • update SiP SVC version number (c26aa08)

      • update TF-A to passthrough all PLM commands (4661c8f)

      • Versal

        • add DTB console to platform.mk (d629db2)

        • add support for QEMU COSIM platform (db827f9)

        • dedicate console for boot and runtime (d533f58)

        • deprecate build time arg VERSAL_PLATFORM (09ac1ca)

      • Versal NET

        • add DTB console to platform.mk (d61ba95)

        • dedicate console for boot and runtime (28ad0e0)

        • set lower cluster bus qos value (c6f6202)

      • ZynqMP

        • add DTB console to platform.mk (09a02ce)

        • dedicate console for boot and runtime (4557ab6)

        • enable ENABLE_LTO flag (19d8756)

        • move zynqmp platform to xlat tables v2 (fdda980)

    • AMD

      • populate handoff from TL (1fbe81f)

      • Versal Gen 2

        • add dtb & runtime console (1196474)

        • add dummy implementation for SCMI PD (095a20a)

        • add support for AMD Versal Gen 2 platform (c97857d)

        • implement USB_SET_STATE dummy IOCTL (282bce1)

        • support dynamic XLAT tables (9aa71f4)

  • Bootloader Images

    • add plat handler for image loading (a03dafe)

    • BL32

      • setup GPT in BL31 in RESET_TO_BL31 boot flow (1547e5e)

  • Services

    • RME

      • RMMD

        • el3 token sign during attestation (6a88ec8)

    • SPM

      • EL3 SPMC

        • support simd context management upon world switch (59bdcc5)

      • SPM MM

        • switch to simd_ctx_save/restore APIs (e6e3486)

    • Secure Payload Dispatcher

      • ProvenCore

        • switch to simd_ctx_save/restore apis (a9b64ed)

      • Trusty

        • switch to simd_ctx_save/restore apis (7461025)

  • Libraries

    • CPU Support

      • add support for arcadia cpu (8fa5460)

      • add support for cortex-a720ae (8118078)

      • add sysreg_bitfield_insert_from_gpr macro (ad8b514)

    • EL3 Runtime

      • Context Management

        • context switch MDCR_EL3 register (123002f)

        • introduce EL3/root context (40e5f7a)

        • add Root-Context documentation (0f3cd51)

        • enhance the cpu_context memory report (781e1a4)

        • move mpam registers into el2 context (7d930c7)

        • convert el1-ctx assembly offset entries to c structure (42e35d2)

        • add explicit context entries for ERRATA_SPECULATIVE_AT (59b7c0a)

        • remove el1 context when SPMD_SPM_AT_SEL2=1 (a0674ab)

        • support for asymmetric feature among cores (2f41c9a)

        • asymmetric feature support for trbe (721249b)

        • handle asymmetry for FEAT_TCR2 (f4303d0)

        • handle asymmetry for SPE feature (188f8c4)

        • test integrity of el1_ctx registers (7623e08)

        • keep actlr_el2 value in the init context (0aa3284)

      • SIMD

        • add data struct for simd ctxt management (841533d)

        • add routines to save, restore sve state (6d5319a)

        • add rules to rationalize simd ctxt mgmt (3524d07)

        • add sve state to simd ctxt struct (4242262)

        • introduce simd context helper APIs (308ebfa)

    • GPT

      • change the default max GPT block size to 512MB (01faa99)

      • add support for large GPT mappings (ec0088b)

      • configure memory size protected by bitlock (d766084)

    • C Standard Library

      • avoid CWE-190 for GENMASK macros (1f0b6e7)

      • fix MISRA 12.2 violations for BIT32 and BIT64 macros (0605b7e)

    • PSA

      • introduce generic library for CCA attestation (98d36e5)

    • Firmware Handoff

      • fix register convention r1/x1 value on transfer list (7475815)

      • make tl generation flexible (2329e22)

  • Drivers

    • NXP

      • add clock skeleton for s32cc (3a580e9)

      • add Linflex flush callback (95ac568)

      • Clock

        • add A53 clock objects (44e2130)

        • add ARM PLL enablement (b5101c4)

        • add ARM PLL ODIV enablement (84e8208)

        • add CGM0 instance (9dbca85)

        • add clock objects for ARM DFS (44ae54a)

        • add clock objects for ARM PLL (a8be748)

        • add dependencies for the XBAR clock (5692f88)

        • add DFS module enablement (4cd04c5)

        • add FXOSC clock enablement (8ab3435)

        • add get_parent callback (96e069c)

        • add MC_CGM clock objects (3fa91a9)

        • add MC_ME utilities (b8c68ad)

        • add minimal set of S32CC clock ids (086ee20)

        • add objects needed for DDR clock (4a2ca71)

        • add oscillator clock objects (7c36209)

        • add partition reset utilities (11a7c54)

        • add partitions objects (af3020e)

        • add PERIPH PLL enablement (8653352)

        • add set_parent callback (12e7a2c)

        • enable the A53 clock (7004f67)

        • enable the DDR clock (8a4f840)

        • enable the XBAR clock (b8ad880)

        • enable UART clock (e4462da)

        • implement set_rate for oscillators (d937351)

        • refactor clock enablement (5300040)

        • set parent for ARM PLL and MC_CGM muxes (83af450)

        • set rate for clock fixed divider (65739db)

        • set rate for clock muxes (64e0c22)

        • set rate for PLL divider objects (de950ef)

        • set rate for PLL objects (7ad4e23)

        • setup the DDR PLL (18c2b13)

    • ST

      • Clock

        • add function to restore generic timer rate (bfe8a12)

        • add STM32MP2 clock driver (615f31f)

        • don’t gate/ungate an oscillator if it is not wired (f2aebab)

        • update with new bindings (ae1e503)

        • use early traces (1a25db1)

      • GPIO

        • add set GPIO config API (bfa5f61)

      • Regulator

        • add enable ramp-delay (6897ae8)

        • support regulator_set_voltage for fixed regulator (156ed97)

      • Reset

        • add stm32mp2_reset driver (f829d7d)

        • add system reset management (d91d10a)

  • Miscellaneous

    • DT Bindings

      • add missing SPIx bus clocks (c6d50c9)

      • describe ST GPIO banks and config (deb9c86)

      • introduce Dualroot CoT DTB (703df3a)

      • new RCC DT bindings (52b253b)

    • FDT Wrappers

      • add function to read uint64 with default value (bc8dfca)

    • FDTs

      • add DDR4 files for STM32MP2 (178aef6)

      • STM32MP1

        • move RNG1 to CSI to improve random generation (d594239)

        • new RCC DT bindings for STM32MP1 (4391e5e)

        • remove PLL1 settings (66d7c8b)

        • remove RTC clock configuration (703a581)

      • STM32MP2

        • add BL31 info in fw-config (a370c85)

        • add clock tree for STM32MP257F-EV1 (293a4f3)

        • add fw-config file (513b5cc)

        • add fw-config files for STM32MP257F-EV1 (83f571e)

        • add I2C7 pin muxing (0a08208)

        • add io_policies (53e8982)

        • add memory node (e34839b)

        • add SD-card and eMMC support on STM32MP257F-EV1 (1dafb40)

        • add sdmmc nodes in SoC DT file (3879761)

        • add sdmmc pins definition (6a85f67)

        • add UART and I2C nodes for STM32MP2 (c7cfe27)

        • describe stpmic2 power supplies (e974670)

        • remove pins-are-numbered (a1a50ef)

        • update STM32MP257F-EV1 DT (f0d6dcb)

        • STM32MP25

          • add DDR power supplies (7323c7f)

          • add DDRCTRL and DDRPHY settings in DDR node (56ac99a)

  • Documentation

    • add DPE to RSE design doc (e4582e4)

    • add RMM option in build-options.rst (1b7f51e)

    • add RSE provided mboot backends to the threat model (3849d27)

    • add STM32MP2 docs links (21b6260)

    • update mboot threat model (07c2d18)

  • Build System

    • add ability to define platform specific defaults (1b2fb6a)

    • add ctags recipes for indexing assembly files (54b773e)

  • Tools

    • Transfer List Compiler

      • add command gen-header (9b05c37)

      • add host tool for static TL generation (6ac31f3)

      • add support for tox (38487c7)

      • add creating transfer lists from yaml files (3112099)

      • add option to input attr as string of flag names (4dcbba9)

      • add option to input text instead of tag id number (792e8e8)

    • Chain of Trust device tree to C source file

      • standalone CoT dt2c tool (4274d6f)

      • fix various breakages (73f7b7d)

      • use processed Device Tree source file as input (e19977d)

      • update documentation for cot-dt2c (b95f398)

13.2. 2.11.0 (2024-05-17)

13.2.1. ⚠ BREAKING CHANGES

  • Architecture

    • Memory Tagging Extension2

      • Any platform or downstream code trying to use the SCR_EL3.ATA bit (bit 26) will see failures, as this bit is now used only with FEAT_MTE2, as of commit ef0d0e5478a3f19cbe70a378b9b184036db38fe2.

        See: remove mte, mte_perm (c282384)

  • Services

    • SPM

      • SPMD

        • Given the optimizations made in TF-A SPMD to simplify NS EL1 context management, platform integrators must use SPMC binaries built by picking commits after 2fc6dcfa97e05159f95859fcf68db3031586f8c7 from hafnium repository.

          See: skip NS EL1 context save & restore operations (2d960a1)

  • Drivers

    • Arm

      • RSE

        • remove PLAT_RSS_NOT_SUPPORTED build option

          See: remove PLAT_RSS_NOT_SUPPORTED build option (878354a)

    • FWU

      • add a config flag for including image info in the FWU metadata (11d05a7)

      • add a function to obtain an alternate FWU bank to boot (26aab79)

      • add some sanity checks for the FWU metadata (d2566cf)

      • document the config flag for including image info in the FWU metadata (7ae1619)

      • migrate FWU metadata structure to version 2 (a89d58b)

13.2.2. New Features

  • Architecture

    • CPU feature / ID register handling in general

      • add cortex-a35 l2 extended control register (a727d59)

      • add feature detection for FEAT_CSV2_3 (30019d8)

      • added few helper functions (30f05b4)

    • DynamIQ Shared Unit (DSU)

      • save/restore DSU PMU register (f99a69c)

    • Memory Tagging Extension2

  • Platforms

    • update SZ_* macros (6d511a8)

    • Arm

      • add COT_DESC_IN_DTB option for CCA CoT (b76a43c)

      • add trusty_sp_fw_config build option (0686a01)

      • move GPT setup to common BL source (341df6a)

      • retrieve GPT related data from platform (86e4859)

      • support FW handoff b/w BL1 & BL2 (9c11ed7)

      • support FW handoff b/w BL2 & BL31 (a5566f6)

      • add platform API that gets cluster ID (e6ae019)

      • CSS

        • initialise generic timer early in the boot (3447ba1)

      • FVP

        • add CCA CoT in DTB support (4c79b86)

        • add stdout-path (8c30a0c)

        • add support for virtio-net, virtio-9p and virtio-rng (51b8b9c)

        • added calls to unprotect/protect memory (6873088)

        • delegate FFH RAS handling to SP (d07d4d6)

        • remove left-over RSS usage (a1726fa)

      • Neoverse-RD

        • add scope for RD-V1 (86a4949)

        • add scope for RD-V1-MC (6fb16da)

        • add scope for SGI-575 (18b5070)

        • disable SPMD_SPM_AT_SEL2 for A75/V1/N1 platforms (b9c3273)

        • disable SPMD_SPM_AT_SEL2 for N2/V2 platforms (301c017)

        • enable AMU if supported by the platform (fed9368)

        • remove unused SGI_PLAT build-option (2d32517)

        • SGI-575

          • remove SGI-575 from deprecated list (f104eec)

        • RD-E1-Edge

          • remove support for RD-E1-Edge (c69253c)

        • RD-N1-Edge

          • remove RD-N1-Edge from deprecated list (78b7939)

        • RD-N2

          • enable NEOVERSE_Nx_EXTERNAL_LLC flag (ab2b363)

          • add dts for secure partition (49df726)

          • enable AMU if present on the platform (2cfedfa)

          • enable MTE2 if present on the platform (3a5b375)

          • update power message value to 0 (08f6398)

      • TC

        • add arm_ffa node in dts (4fc4e9c)

        • add DPE backend to the measured boot framework (e7f1181)

        • add DPE context handle node to device tree (1f47a71)

        • add dummy TRNG support to be able to boot pVMs (7be391d)

        • add firmware update secure partition (d062872)

        • add memory node in the device tree (5ee4deb)

        • add PMU entry (553b06b)

        • add RSS SDS region right after SCMI payload (6f503e0)

        • add save/restore DSU PMU register support (b87d7ab)

        • add SCMI power domain and IOMMU toggles (a658b46)

        • add spmc manifest with trusty sp (ba197f5)

        • add TC3 platform definitions (62320dc)

        • allow booting from DRAM (18f754a)

        • choose the DPU address and irq based on the target (8e94163)

        • enable gpu/dpu scmi power domain and also gpu perf domain (127eabe)

        • factor in FVP/FPGA differences (1b8ed09)

        • get the parent component provided DPE context_handle (467bdf2)

        • group components into certificates (6df8d76)

        • interrupt numbers for smmu_700 (2c406dd)

        • introduce an FPGA subvariant and TC3 CPUs (a02bb36)

        • pass the DTB address to BL33 in R0 (638e4a9)

        • provide a mock mbedtls-random generation function (a877818)

        • share DPE context handle with child component (03d388d)

    • Intel

      • add in QSPI ECC for Linux (4d122e5)

      • enable query of fip offset on RSU (6cbe2c5)

      • enable SDMMC frontdoor load for ATF->Linux (32a87d4)

      • increase bl2 size limit (2d46b2e)

      • restructure watchdog (47ca43b)

      • support QSPI ECC Linux for Agilex (d6ae69c)

      • support QSPI ECC Linux for N5X (6cf16b3)

      • support QSPI ECC Linux for Stratix10 (8be16e4)

      • support query of fip offset using RSU (62be2a1)

      • support SDM mailbox safe inject seu error for Linux (fffcb25)

      • support wipe DDR after calibration (68bb3e8)

    • MediaTek

      • remove bl32 flag for mtk_bl (9c41cc1)

      • MT8188

        • add secure iommu support (5fb5ff5)

        • remove apusys kernel handler usage constraints (0c77651)

    • NXP

      • i.MX

        • i.MX 8M

          • add 3600 MTps DDR PLL rate (f1bb459)

          • add defines for csu_sa access security (81de503)

          • add imx csu_sa enum type defines for imx8m (2ac4909)

          • make bl33 start configurable via PRELOADED_BL33_BASE (9260a8c)

          • obtain boot image set for imx8mn/mp (6d2c502)

          • i.MX 8M Mini

            • restrict peripheral access to secure world (1156c76)

            • set and lock almost all peripherals as non-secure (f4b11e5)

          • i.MX 8M Plus

            • restrict peripheral access to secure world (0324081)

            • set and lock almost all peripherals as non-secure (cba7daa)

          • i.MX 8Q

            • detect console base address during runtime (52ee817)

        • i.MX 8ULP

          • add a flag check for the ddr status (4fafccb)

          • add APD power down mode(PD) support in system suspend (478af8d)

          • add i.MX8ULP basic support (fcd41e8)

          • add memory region policy (5fd0642)

          • add OPTEE support (e7b82a7)

          • add some delay before cmc1 access (c514d3c)

          • add system power off support (891c547)

          • add the basic support for idle & system suspend (daa4478)

          • add the initial XRDC support (ac5d69b)

          • add trusty support (e853041)

          • adjust the dram mapped region (8d50c91)

          • adjust the voltage when sys dvfs enabled (416c443)

          • allocated caam did for the non secure world (7c5eedc)

          • allow RTD to reset APD through MU (ea1f7a2)

          • ddrc switch auto low power and software interface (ee25e6a)

          • enable 512KB cache after resume on imx8ulp (bcca70b)

          • enable the DDR frequency scaling support (caee273)

          • give HIFI4 DSP access to more resources (351976b)

          • not power off LPAV PD when LPAV owner is RTD (ab787db)

          • protect TEE region for secure access only (ff5e179)

          • update the upower config for power optimization (36af80c)

          • update XRDC for ELE to access DDR with CA35 DID (d159c00)

      • S32G274A

        • add S32G274ARDB2 board support (8b81a39)

        • enable BL31 stage (e73c3c3)

    • QEMU

      • allow ARM_ARCH_MAJOR/MINOR override (e769f83)

      • enable FEAT_ECV when present (1b694c7)

      • enable transfer list to BL31/32 (305825b)

      • load and run RMM image (8ffe0b2)

      • setup Granule Protection Table (6cd113f)

      • setup memory map for RME (cd75693)

      • support TRP for RME (ebe82a3)

      • update mapping types for RME (a5ab1ef)

      • update to manifest v0.3 (762a1c4)

      • use mock attestation functions for RME (c69e95e)

      • SBSA

        • handle CPU information (42925c1)

        • handle memory information (8b7dd83)

        • mpidr needs to be present (4fc54c9)

    • Raspberry Pi

      • add Raspberry Pi 5 support (f834b64)

    • Renesas

      • R-Car

        • R-Car 3

          • add cache operations to boot process (7e06b06)

          • change CAM setting to improve bus latency of R-Car Gen3 (e366f8c)

          • change MMU configurations (5e8c2d8)

          • enable the stack protection (cfa466a)

          • update IPL and Secure Monitor Rev.4.0.0 (516a98e)

    • ST

      • add a function to clear the FWU trial state counter (6e99fee)

      • add logic to boot the platform from an alternate bank (6166051)

      • do not directly call BSEC functions in common code (3007c72)

      • get the state of the active bank directly (588b01b)

      • use stm32_get_otp_value_from_idx() in BL31 (189db94)

      • STM32MP1

        • only fuse monotonic counter on closed devices (d6bb94f)

      • STM32MP2

        • add BSEC and OTP support (197ac78)

        • add ddr-fw parameter for fiptool (e494afc)

        • add plat_my_core_pos (d1c85da)

        • add STM32MP_USB_PROGRAMMER compilation (2e905c0)

        • put back core 1 in wfi after debugger’s halt (2331a34)

        • use early traces (47ea303)

    • Xilinx

      • add handler for power down req sgi irq (ade92a6)

      • add new state to identify cpu power down (5949701)

      • add wrapper to handle cpu power down req (3dd118c)

      • power down all cores on receiving cpu pwrdwn req (c3280df)

      • request cpu power down from reset (88ee081)

      • send SGI to mailbox driver (9a7f892)

      • Versal

        • enable errata management feature (d766f99)

        • extend platform address space sizes (663f024)

        • Versal NET

          • add bufferless IPI Support (511e4a4)

      • ZynqMP

        • remove unused pm_get_proc_by_node() (b03ba48)

  • Bootloader Images

    • BL32

      • create an sp_min_setup function (a1255c7)

  • Services

    • FF-A

      • update FF-A version to v1.2 (e830e4c)

    • RME

      • build TF-A with ENABLE_RME for Armv9.2 (7d5fc98)

      • pass console info via RMM-EL3 ifc (3290447)

    • SPM

      • EL3 SPMC

        • add support for FFA_CONSOLE_LOG (638a6f8)

        • add support for FFA_MEM_PERM_GET and SET ABIs (1f6b2b2)

        • add support to handle power mgmt calls for s-el0 sp (5917379)

        • add support to map S-EL0 SP device regions (727ab1c)

        • add support to map S-EL0 SP memory regions (83c3da7)

        • add support to setup S-EL0 context (48db2b0)

        • synchronize access to the s-el0 sp context (5ed8e25)

      • SPMD

        • add FFA_MSG_SEND_DIR_REQ2 (cc6047b)

        • add FFA_MSG_SEND_DIR_RESP2 (0651b7b)

        • initialize SCR_EL3.EEL2 bit at RESET (8815cda)

        • pass SMCCCv1.3 SVE hint to lower EL (c925867)

    • DRTM

      • add ACPI table region size to the DLME header (5dde96b)

      • add additional return codes (89f5c75)

      • for TPM features fw hash algorithm should be 16-bits (c86cfa3)

      • update DRTM version to 1.0 (9c36b90)

      • update references to DRTM beta0 (b94d590)

      • update return code if secondary PE is not off (bc9064a)

    • ChromeOS

      • add ChromeOS widevine SMC handler (b22e689)

  • Libraries

    • CPU Support

      • add support for Poseidon V CPU (b77f55d)

      • support to update External LLC presence in Neoverse N3 (6fbc98b)

      • support to update External LLC presence in Neoverse V2 (6aa5d1b)

    • EL3 Runtime

      • introduce UNDEF injection to lower EL (3c789bf)

    • FCONF

      • support signing-key in root cert node (04ac0b3)

    • OP-TEE

      • enable transfer list in opteed (0e8def9)

    • PSCI

      • add psci_do_manage_extensions API (160e843)

    • GPT

      • validate CRC of GPT partition entries (7a9e9f6)

    • SMCCC

      • add vendor specific el3 id (be5b1e2)

      • add vendor-specific el3 service (de6b79d)

      • add version FID for PMF (42cbefc)

    • C Standard Library

      • add printf support for space padding (0926d2d)

    • Locks

    • DICE Protection Environment (Experimental)

      • add cert_id argument to dpe_derive_context() (6a415bd)

      • add client API for DICE Protection Environment (b03fe8c)

      • add DPE driver to measured boot (0ae9c63)

      • add QCBOR library as a dependency of DPE (c19977b)

      • add typedefs from the Open DICE repo (584052c)

    • Context Management

      • report context memory usage (bfef8b9)

      • add documentation for context management library (4efd219)

    • Firmware Handoff

      • add additional TE tags (a312bfb)

      • add support for RESET_TO_BL2 (f019c80)

      • add TE’s for BL1 handoff interface (0646c9b)

      • add TL source files to BL1 (469b1d8)

      • enhance transfer list library (40fd755)

  • Drivers

    • Authentication

      • add explicit entries for key OIDs (2b53106)

      • mbedTLS

        • update config for 3.6.0 (55aed7d)

    • Console

      • introduce EARLY_CONSOLE (ae770fe)

    • FWU

      • modify the check for getting the FWU bank’s state (56724d0)

      • update the URL links for the FWU specification (e106a78)

    • SCMI

      • add scmi sensor support (e63819f)

    • Arm

      • SMMU

        • fix to perform INV_ALL before enabling GPC (70d849c)

        • separate out smmuv3_security_init from smmuv3_init (a23710b)

      • MHU

        • add MHUv3 doorbell driver (bc17476)

        • add MHUv3 wrapper APIs for RSS comm driver (4b4f850)

        • use compile flag to choose mhu version (996b3af)

      • RSE

        • add defines for ‘type’ range and use them in psa_call() (002b106)

        • adjust parameter packing to match TF-M changes (5abcc83)

    • NXP

    • ST

      • BSEC

        • add driver for the new IP version BSEC3 (ae6542f)

        • use early traces (cf237f8)

      • Clock

        • add function to control MCU subsystem (77b4ca0)

      • SDMMC2

        • set FIFO size to 1024 on STM32MP25 (d5b4d5d)

  • Miscellaneous

    • AArch64

      • add functions for TLBI RPALOS (8754cc5)

    • DT Bindings

      • introduce CCA CoT, rename TBBR (c4b35ce)

    • FDTs

      • STM32MP2

        • add board ID OTP in STM32MP257F-EV1 (88528f5)

        • add OTP nodes in STM32MP251 SoC DT file (c238a46)

    • Security

      • add support for SLS mitigation (538516f)

  • Documentation

    • update maintainer list for neoverse_rd (2d7902d)

  • Build System

    • check that .text section starts at page boundary (3d6edc3)

    • redirect stdin to nul during toolchain detection (b9014f8)

  • Tools

    • Memory Mapping Tool

      • add RELA section display (a6462e0)

13.2.3. Resolved Issues

  • Architecture

    • Memory Tagging Extension2

      • remove CTX_INCLUDE_MTE_REGS usage (30788a8)

      • use ATA bit with FEAT_MTE2 (ef0d0e5)

    • Performance Monitors Extension (FEAT_PMUv3)

      • fix breakage on ARMv7 CPUs with SP_min as BL32 (e6f8fc7)

    • Statistical profiling Extension (FEAT_SPE)

      • invoke spe_disable during power domain off/suspend (777f1f6)

  • Platforms

    • Arm

      • move console flush/switch in common function (6bdc856)

      • only expose arm_bl2_dyn_cfg_init to BL2 (3b48ca1)

      • FVP

        • added ranges for linux (b7491c7)

        • don’t check MPIDRs with the power controller in BL1 (6d8546f)

        • permit enabling SME for SPD=spmd (0b0fd0b)

      • FPGA

        • halve number of PEs per core (70b9204)

      • Neoverse-RD

        • SGI

          • align to misra rule for braces (cacee06)

          • apply workarounds for N2 CPU erratum (7934b68)

          • increase BL31 carveout size (0737bd3)

          • reduce cper buffer carveout size (f10d3e4)

          • update spi_id max for sgi multichip platforms (89d8577)

        • RD-N1-Edge

          • update RD-N1-Edge’s changelog title (d239ede)

        • RD-N2

          • populate TOS_CONFIG only when SPMC_AT_EL3 is enabled (10dcffe)

      • TC

        • correct interrupts (d2e44e7)

        • do not enable MPMM and Aux AMU counters always (fc42f84)

        • do not use r0 for HW_CONFIG (a5a966b)

        • enable FEAT_MTE2 (154eb0a)

        • guard PSA crypto headers under TF-M test-suite define (d2ce6aa)

        • increase BL2 maximum size limit (19258a5)

        • increase stack size when TRUSTED_BOARD_BOOT=0 (44ddee6)

        • missing device regions in spmc manifest (5e47112)

        • remove timer interrupt from G1S (9bf31a5)

    • Intel

      • add HPS remapper to remap base address for SDM (b727664)

      • bl31 overwrite OCRAM configuration (cfbac59)

      • fix hardcoded mpu frequency ticks (150d2be)

      • read QSPI bank buffer data in bytes (2f17ac0)

      • revert back to use L4 clock (d0e400b)

      • revert sys counter to 400MHz (460692a)

      • temporarily workaround for Zephyr SMP (68820f6)

      • update DDR range checking for Agilex5 (f4aaa9f)

      • update fcs crypto init code to check for mode (b0f4478)

      • update fcs functions to check ddr range (e8a3454)

      • update from INFO to VERBOSE when print debug message (56c8d02)

      • update HPS bridges for Agilex5 SoC FPGA (2973054)

      • update individual return result for hps and fpga bridges (82752c4)

      • update nand driver to match GHRD design (a773f41)

      • update stream id to non-secure for SDM (8fbd307)

      • update system counter back to 400MHz (a72f86a)

    • NXP

      • i.MX

        • i.MX 8M

          • align 3200 MTps rate with U-Boot (060fe63)

          • fix CSU_SA_REG to work with all sa registers (c13016b)

          • handle 3734 in addition to 3733 and 3732 MTps rates (cb60a87)

          • i.MX 8M Plus

            • unconditionally enable only the USB power domain (ae6ce19)

        • i.MX 8ULP

          • add sw workaround for csi/hotplug test hang (e1d5c3c)

          • fix suspend/resume issue when DBD owner is s400 only (68f132b)

          • increase the mmap region num (047d7d1)

    • QEMU

    • Raspberry Pi

      • consider MT when calculating core index from MPIDR (6744d07)

    • Renesas

      • R-Car

        • fix implicit rule invocations in tools (e068a7c)

        • R-Car 3

          • change RAM protection configurations (e9afde1)

          • fix load address range check (4f7e0fa)

    • Rockchip

      • add support for building with LTO enabled (e5e9ccd)

      • fix documentation in how build bl31 in AARCH64 (6611e81)

      • RK3328

        • apply ERRATA_A53_1530924 erratum (dd2c888)

    • ST

      • STM32MP2

        • add missing include (cb0d6b5)

        • correct early/crash console init (4da462d)

    • Texas Instruments

      • do not stop non-secure timer on world switch (d2e1f6a)

      • K3

        • increment while reading trail bytes (0bdaf5c)

    • Xilinx

      • add console_flush() before shutdown (7ec53af)

      • add FIT image check in DT console (e2d9dfe)

      • add FIT image check in prepare_dtb (046e130)

      • check proc variable before use (652c1ab)

      • deprecate SiP service count query (6a80c20)

      • fix sending sgi to linux (427e46d)

      • follow MISRA-C standards for condition check (655e62a)

      • rename macros to align with ARM (7995319)

      • update correct return types (8eb6a1d)

      • Versal

        • initialize cntfrq_el0 register (f000744)

        • Versal NET

          • setup counter frequency (07625d9)

          • use arm common GIC handlers (b225926)

      • ZynqMP

        • resolve null pointer dereferencing (20fa9fc)

    • Nuvoton

      • gfx frame buffer memory corruption during secondary boot (ae2b4a5)

      • prevent changing clock frequency (fe8cc55)

  • Bootloader Images

    • BL1

      • add missing __RW_{START,END}__ symbols (d701b48)

      • add missing spinlock dependency (e40b563)

    • BL2

      • make BL2 SRAM footprint flexible (e0e03a8)

  • Services

    • FF-A

      • add NS memory node to fvp_spmc_optee_sp manifest (92bba3e)

    • RME

      • RMMD

        • avoid TRP when external RMM is defined (57bc3c4)

        • fix bug, raised by coverity, when zeroing manifest struct (83a4e8e)

    • SPM

      • add device-regions used in tf-a-tests (45716e3)

      • not defining load-address in SP config (04e7f80)

      • reduce verbosity on passing tf-a-tests (29872eb)

      • silence warning in sp_mk_generator (6a3225e)

      • EL3 SPMC

        • add datastore linker script markers (ba33528)

        • fix dangling pointer in FFA_CONSOLE_LOG (83129bc)

      • SPMD

        • register group0 handler only if supported (fca5f0e)

        • skip NS EL1 context save & restore operations (2d960a1)

  • Libraries

    • CPU Support

      • workaround for Cortex-A520 erratum 2630792 (f03bfc3)

      • workaround for Cortex-A520 erratum 2858100 (34db353)

      • workaround for Cortex-A710 erratum 2778471 (c9508d6)

      • workaround for Cortex-A715 erratum 2331818 (53b3cd2)

      • workaround for Cortex-A715 erratum 2344187 (33c665a)

      • workaround for Cortex-A715 erratum 2413290 (15a0461)

      • workaround for Cortex-A715 erratum 2420947 (1f73247)

      • workaround for Cortex-A715 erratum 2429384 (262dc9f)

      • workaround for Cortex-A715 erratum 2561034 (6a6b282)

      • workaround for Cortex-A715 erratum 2728106 (10134e3)

      • workaround for Cortex-A720 erratum 2926083 (152f4cf)

      • workaround for Cortex-A720 erratum 2940794 (7385213)

      • workaround for Cortex-A78C erratum 2683027 (68cac6a)

      • workaround for Cortex-A78C erratum 2743232 (81d4094)

      • workaround for Cortex-X2 erratum 2778471 (b01a93d)

      • workaround for Cortex-X3 erratum 2266875 (a65c5ba)

      • workaround for Cortex-X3 erratum 2302506 (3f9df2c)

      • workaround for Cortex-X3 erratum 2372204 (7f69a40)

      • workaround for Cortex X3 erratum 2641945 (c1aa3fa)

      • workaround for Cortex X3 erratum 2743088 (f43e9f5)

      • workaround for Cortex-X3 erratum 2779509 (355ce0a)

      • workaround for Cortex-X4 erratum 2701112 (cc41b56)

      • workaround for Cortex-X4 erratum 2740089 (c833ca6)

      • workaround for Cortex-X4 erratum 2763018 (4731211)

      • workaround for Neoverse V1 erratum 2348377 (71ed917)

      • workaround for Neoverse V2 erratum 2618597 (c0f8ce5)

      • workaround for Neoverse V2 erratum 2662553 (912c409)

      • workaround for Neoverse V2 erratum 3099206 (8815cda)

      • add Cortex-A520 definitions (ae19093)

      • workaround for Cortex-A715 erratum 2413290 re-factored with ENABLE_SPE_FOR_NS=1 (bd2f7d3)

      • fix a defect in Cortex-A715 erratum 2561034 (57ab6d8)

      • add erratum 2701951 to Cortex-X3’s list (106c428)

      • update status of Cortex-X3 erratum 2615812 (f589a2a)

      • fix incorrect AMU trap settings for N2 CPU (54b86d4)

      • correct variant name for default Poseidon CPU (61a2968)

      • check for SCU before accessing DSU (5b5562b)

    • EL3 Runtime

      • Context Management

        • add more feature registers to EL1 context mgmt (d6c76e6)

        • add more system registers to EL1 context mgmt (ed9bb82)

        • hide cm_init_context_by_index from BL1 (a6b3643)

        • remove ENABLE_FEAT_MTE usage (a796d5a)

        • save guarded control stack registers (6aae3ac)

        • update gic el2 sysregs save/restore mechanism (937d6fd)

        • couple el2 registers with dependent feature flags (d6af234)

        • move EL1 save/restore routines into C (59f8882)

    • FCONF

      • boot fails using ARM_ARCH_MINOR=8 (0c86a84)

    • OP-TEE

      • set interrupt handler before kernel boot (0ec69a5)

    • PSCI

      • fix parent_idx in psci_validate_state_coordination (412d92f)

      • mask the Last in Level nibble in StateId (0a9c244)

    • GPT

      • declare gpt_tlbi_by_pa_ll() (832e4ed)

      • unify logging messages (b99926e)

      • use DC CIGDPAPA when MTE2 is implemented (62d6465)

    • C Standard Library

      • add memcpy_s source file to libc_asm mk (99db13b)

      • memset inclusion to libc makefiles (84eb3ef)

    • PSA

      • fix static check failure (bc0ff02)

    • Context Management

      • align the memory address of EL2 context registers (8c56a78)

    • Firmware Handoff

      • correct representation of tag_id (d594ace)

    • Exception Handling Framework (EHF)

      • restrict secure world FIQ routing model to SPM_MM (7671008)

    • SMCCC

      • correctly find pmf version (62865b4)

  • Drivers

    • Measured Boot

      • add missing image identifier string (a8a09e3)

    • SCMI

      • induce a delay in monitoring SCMI channel status (af1ac2d)

    • Arm

      • GIC

        • GICv3

          • GIC-600

            • workaround for Part 1 of GIC600 erratum 2384374 (24a4a0a)

        • GICv2

          • fix SGIR_NSATT bitshift (eef240c)

      • MHU

        • use MHUv2 if PLAT_MHU_VERSION undefined (c34dd06)

        • provide only the usable size of memory (5cd1084)

      • RSE

        • fix bound check during protocol selection (f754bd4)

    • Renesas

      • R-Car3

        • add integer overflow check (ef38fb1)

        • add integer overflow check (93b8952)

        • check “rcar_image_number” variable before use (b469880)

        • check for length underflow (9778b27)

        • check loaded NS image area (ae4860b)

    • USB

  • Miscellaneous

    • TBBR

      • move rotpk definitions out of arm_def.h (0f0fd49)

    • code coverage optimization fix (152ad11)

    • fix MISRA defects (c42d0d8)

    • static checks on spmc dts (c35299d)

  • Documentation

    • revise the description of REGISTER_CRYPTO_LIB (5710229)

    • typo in the romlib design (3b57ae2)

  • Build System

    • add forgotten BL_LDFLAGS to lto command line (49ba1df)

    • don’t generate build-id (304ad94)

    • don’t rely on that gcc-ar is in the same directory as gcc (7ef0b83)

    • enforce single partition for LTO build (31f80ef)

    • march handling with arch-features (7275ac2)

    • move comment for VERSION_PATCH (c25d1cc)

    • mute sp_mk_generator from build log (fbd32ac)

    • properly manage versions in .versionrc.js (7f74030)

    • wrap toolchain paths in double quotes (4731c00)

  • Tools

    • Certificate Creation Tool

      • add guardrails around brainpool usage (c0c280d)

      • use a salt length equal to digest length for RSA-PSS (e639ad2)

    • Memory Mapping Tool

      • fix footprint free space calculation (9e72d01)

      • fix memory map dump when SEPARATE_CODE_AND_RODATA=0 (6dc8ee6)

    • Marvell Tools

      • include mbedtls/version.h before use (8eb4efe)

13.3. 2.10.0 (2023-11-21)

13.3.1. ⚠ BREAKING CHANGES

  • Architecture

    • Performance Monitors Extension (FEAT_PMUv3)

      • This patch explicitly breaks the EL2 entry path. It is currently unsupported.

        See: convert FEAT_MTPMU to C and move to persistent register init (83a4dae)

  • Libraries

    • EL3 Runtime

      • Context Management

        • Initialisation code for handoff from EL3 to NS-EL1 is disabled by default. Platforms which do that need to enable this macro going forward.

          See: introduce INIT_UNUSED_NS_EL2 macro (183329a)

  • Drivers

    • Authentication

      • remove CryptoCell-712/713 support

        See: remove CryptoCell-712/713 support (b65dfe4)

13.3.2. New Features

  • Architecture

    • CPU feature / ID register handling in general

      • add AArch32 PAN detection support (d156c52)

      • add memory retention bit define for CLUSTERPWRDN (278beb8)

      • deny AArch64-only features when building for AArch32 (733d112)

      • initialize HFG*_EL2 registers (4a530b4)

    • Memory Tagging Extension

      • adds feature detection for MTE_PERM (4d0b663)

    • Performance Monitors Extension (FEAT_PMUv3)

      • introduce pmuv3 lib/extensions folder (c73686a)

  • Platforms

    • Allwinner

      • use reset through scpi for warm/soft reset (0cf5f08)

    • Arm

      • add IO policy to use backup gpt header (3e6d245)

      • ecdsa p384/p256 full key support (b8ae689)

      • enable FHI PPI interrupt to report CPU errors (f1e4a28)

      • reuse SPM_MM specific defines for SPMC_AT_EL3 (5df1dcc)

      • save BL32 image base and size in entry point info (821b01f)

      • add memory map entry for CPER memory region (4dc91ac)

      • firmware first error handling support for base RAMs (5b77a0e)

      • update common platform RAS implementation (7f15131)

      • FVP

        • add mbedtls_asn1_get_len symbol in ROMlib (0605060)

        • add public key-OID information in RSS metadata structure (bfbb1cb)

        • add spmd logical partition (5cf311f)

        • allow configurable FVP Trusted SRAM size (41e56f4)

        • capture timestamps in bl stages (ed8f06d)

        • implement platform function to measure and publish Public Key (db55d23)

        • increase BL1 RW area for PSA_CRYPTO implementation (ce18938)

        • mock support for CCA NV ctr (02552d4)

        • new SiP call to set an interrupt pending (2032401)

        • spmd logical partition smc handler (a1a9a95)

      • Juno

        • add mbedtls_asn1_get_len symbol in ROMlib (ec8ba97)

      • Morello

        • add cpuidle support (4f7330d)

        • add support for I2S audio (6bcbe43)

        • add TF-A version string to NT_FW_CONFIG (f4e64d1)

        • fdts: add CoreSight DeviceTree bindings (3e6cfa7)

        • set NT_FW_CONFIG properties for MCC, PCC and SCP version (10fd85d)

      • RD

        • RD-N2

          • enable base element RAM RAS support on RD-N2 platform (0288632)

          • add defines needed for spmc-el3 (b4bed4b)

          • add plat hook for memory transaction (f99dcba)

          • enable Neoverse N2 CPU error handling support (e802748)

          • introduce accessor function to obtain datastore (f458934)

          • introduce platform handler for Group0 interrupt (c47d049)

      • SGI

        • remove RAS setup call from common code (0f5e8eb)

        • firmware first error handling for Neoverse N2 CPU (31d1e4f)

        • increase sp memmap size (7c33bca)

      • TC

        • define memory ranges for tc platform (9be6b16)

        • implement platform function to measure and publish Public Key (eee9fb0)

        • deprecate Arm TC1 FVP platform (6a2b11c)

    • Aspeed

      • AST2700

        • add Aspeed AST2700 platform support (85f199b)

    • Intel

      • add intel_rsu_update() to sip_svc_v2 (e3c3a48)

      • ccu driver for Agilex5 SoC FPGA (02df499)

      • clock manager support for Agilex5 SoC FPGA (1b1a3eb)

      • cold/warm reset and smp support for Agilex5 SoC FPGA (79626f4)

      • ddr driver for Agilex5 SoC FPGA (29461e4)

      • mailbox and SMC support for Agilex5 SoC FPGA (8e59b9f)

      • memory controller support for Agilex5 SoC FPGA (18adb4e)

      • mmc support for Agilex5 SoC FPGA (4a577da)

      • pinmux, peripheral and Handoff support for Agilex5 SoC FPGA (fcbb5cf)

      • platform enablement for Agilex5 SoC FPGA (7931d33)

      • power manager for Agilex5 SoC FPGA (a8bf898)

      • reset manager support for Agilex5 SoC FPGA (9b8d813)

      • restructure sys mgr for Agilex (6197dc9)

      • restructure sys mgr for S10/N5X (b653f3c)

      • sdmmc/nand/combo-phy/qspi driver for Agilex5 SoC FPGA (ddaf02d)

      • setup SEU ERR read interface for FP8 (91239f2)

      • system manager support for Agilex5 SoC FPGA (7618403)

      • uart support for Agilex5 SoC FPGA (34971f8)

      • vab support for Agilex5 SoC FPGA (4754925)

    • MediaTek

      • add APU bootup control smc call (94a9e62)

      • add APU watchdog timeout control (baa0d45)

      • MT8188

        • add apusys ao devapc setting (777e3b7)

        • add backup/restore function when power on/off (233d604)

        • add devapc setting of apusys rcx (5986ae5)

        • add DSB before udelay (b254b98)

        • add emi mpu protection for APU secure memory (176846a)

        • add EMI MPU support for SCP and DSP (013006f)

        • add support for SMC from OP-TEE (34d9d61)

        • enable apusys domain remap (b5900c9)

        • enable apusys mailbox mpu protect (ad7673a)

        • increase TZRAM_SIZE from 192KB to 256KB (aa1cb27)

        • modify APU DAPC permission (d06edab)

        • update return value in mtk_emi_mpu_sip_handler (d07eee2)

      • MT8195

    • NXP

      • i.MX

        • add dummy ‘plat_mboot_measure_key’ function (b9bceef)

        • i.MX 8M

          • add more dram pll setting (8947404)

          • detect console base address during runtime (df730d9)

          • enable snvs privileged registers access (8d150c9)

          • move the gpc reg & macro to a separate header file (2a6ffa9)

          • i.MX 8M Nano

            • add workaround for errata ERR050362 (8562564)

        • i.MX 9

          • i.MX93

            • add cpuidle and basic suspend support (422d30c)

            • add OPTEE support (27a0be7)

            • add reset & poweroff support (cf7ef4c)

            • add the basic support (2368d7b)

            • add the trdc driver (2935291)

            • allow SoC masters access to system TCM (3d3b769)

            • protect OPTEE memory to secure access only (f560f84)

            • update the ocram trdc config for did10 (eb76a24)

    • QEMU

      • add sdei support for QEMU (cef76a7)

      • add “cortex-a710” cpu support (4734a62)

      • add “neoverse-n2” cpu support (408f9cb)

      • add “neoverse-v1” cpu support (6d8d7d2)

      • add “neoverse-v1” cpu support (214de62)

      • add A55 cpu support for virt (409c20c)

      • add dummy plat_mboot_measure_key() BL1 function (8e2fd6a)

      • add dummy plat_mboot_measure_key() function (f0f11ac)

      • implement firmware handoff on qemu (322af23)

      • SBSA

    • QTI

      • MSM8916

        • add port for MDM9607 (78aac78)

        • add port for MSM8909 (cf0a75f)

        • add port for MSM8939 (c28e96c)

        • add SP_MIN port for AArch32 (45b2bd0)

        • add Test Secure Payload (TSP) port (6b8f9e1)

        • allow selecting which UART to use (aad23f1)

        • clear CACHE_LOCK for MMU-500 r2p0+ (d9b0442)

        • initialize CCI-400 for multiple clusters (1240dc7)

        • power on L2 caches for secondary clusters (c822d26)

    • ST

      • add RCC registers list (4cfbb84)

      • allow AARCH64 compilation for common code (dad7181)

      • introduce new platform STM32MP2 (35527fb)

      • support gcc as linker (7762531)

      • update STM32MP DT files (4c8e8ea)

      • STM32MP1

        • add FWU with boot from NOR-SPI (dfbadfd)

        • STM32MP15

          • disable OP-TEE shared memory (fb1d3bd)

      • STM32MP2

    • Texas Instruments

      • add TI-SCI query firmware capabilities command support (7ab7828)

      • query firmware for suspend capability (ce1008f)

      • remove extra core counts in cluster 2 and 3 (e986845)

    • Xilinx

      • add support to get chipid (0563601)

      • clean macro names (bfd0626)

      • fix IPI calculation for Versal/NET (69a5bee)

      • move IPI related macros to plat_ipi.h (b2258ce)

      • remove crash console unused macros (473ada6)

      • setup local/remote id in header (068b0bc)

      • switch boot console to runtime (9c1c8f0)

      • sync macro names (04a4833)

      • used console also as crash console (3e6b96e)

      • Versal

        • add support for SMCC ARCH SOC ID (079c6e2)

        • add tsp support (7ff4d4f)

        • ddr address reservation in dtb at runtime (56d1857)

        • enable assertion (0375188)

        • retrieval of console information from dtb (7c36fbc)

        • Versal NET

          • add cluster check in handoff parameters (01c8c6a)

          • add support for SMCC ARCH SOC ID (1873e7f)

          • add the IPI CRC checksum macro support (ba56b01)

          • add tsp support (639b367)

          • ddr address reservation in dtb at runtime (46a08aa)

          • enable assertion (80cb4b1)

          • get the handoff params using IPI (a36ac40)

          • remove empty crash console setup (6a14246)

          • retrieval of console information from dtb (a467e81)

      • ZynqMP

        • enable assertion (2243ba3)

        • remove pm_ioctl_set_sgmii_mode api (7414aaa)

        • retrieval of console information from dtb (3923462)

    • Nuvoton

      • added support for npcm845x chip (edcece1)

  • Bootloader Images

    • BL2

    • BL31

      • reuse SPM_MM specific defines for SPMC_AT_EL3 (f5e1bed)

    • BL32

      • print entry point before exiting SP_MIN (94e1be2)

  • Services

    • RME

      • save PAuth context when RME is enabled (13cc1aa)

      • RMMD

        • enable SME for RMM (f92eb7e)

        • pass SMCCCv1.3 SVE hint bit to RMM (6788963)

      • RMM

        • update RMI VERSION command as per EAC5 (ade6000)

    • SPM

      • separate StMM SP specifics to add support for a S-EL0 SP (549bc04)

      • EL3 SPMC

        • add a flag to enable support to load SEL0 SP (801cd3c)

      • SPMD

        • add partition info get regs (0b850e9)

        • add spmd logical partitions (890b508)

        • el3 direct message API (66bdfd6)

        • get logical partitions info (95f7f6d)

    • ERRATA ABI

      • add support for Cortex-X3 (9c16521)

  • Libraries

    • CPU Support

      • add a concise way to implement AArch64 errata (3f4c1e1)

      • add a way to automatically report errata (4f748cc)

      • add errata framework helpers (445f7b5)

      • add more errata framework helpers (94a75ad)

      • add support for Gelas CPU (02586e0)

      • add support for hermes cpu (a00e907)

      • add support for Nevis CPU (5497958)

      • add support for Travis CPU (a0594ad)

      • conform DSU errata to errata framework PCS (ee6d04d)

      • make revision procedure call optional (4d22b0e)

      • wrappers to propagate AArch32 errata info (34c51f3)

    • EL3 Runtime

      • modify vector entry paths (d04c04a)

      • RAS

        • reuse SPM_MM specific defines for SPMC_AT_EL3 (6e92a82)

        • use FEAT_IESB for error synchronization (6597fcf)

    • Translation Tables

      • detect 4KB and 16KB page support when FEAT_LPA2 is present (bff074d)

    • C Standard Library

      • add %X to printf/snprintf (483edc2)

      • implement memcpy_s in lib (f328bff)

    • PSA

      • interface with RSS for retrieving ROTPK (50316e2)

    • Firmware Handoff

      • introduce firmware handoff library (3ba2c15)

      • port BL31-BL33 interface to fw handoff framework (94c90ac)

  • Drivers

    • Authentication

      • add CCA NV ctr to CCA CoT (e3b1cc0)

      • add explicit entries for key OIDs (0cffcdd)

      • create a zero-OID for Subject Public Key (9505d03)

      • ecdsa p384 key support (557f7d8)

      • measure and publicise the Public Key (9eaa5a0)

      • mbedTLS

      • mbedTLS-PSA

        • initialise mbedtls psa crypto (4eaaaa1)

        • introduce PSA_CRYPTO build option (5782b89)

        • mbedTLS PSA Crypto with ECDSA (255ce97)

        • register an ad-hoc PSA crypto driver (38f8936)

        • use PSA crypto API during hash calculation (484b586)

        • use PSA crypto API during signature verification (eaa62e8)

        • use PSA crypto API for hash verification (2ed061c)

    • Measured Boot

      • introduce platform function to measure and publish Public Key (2971bad)

    • GUID Partition Tables Support

      • add interface to init gpt (f08460d)

      • add support to use backup GPT header (ad2dd65)

    • Arm

      • Ethos-N

        • update npu error handling (4796d2d)

      • RSS

        • set the signer-ID in the RSS metadata (60861a0)

    • ST

      • Clock

        • allow aarch64 compilation of STGEN functions (b1718c6)

        • stub fdt_get_rcc_secure_state (19c3808)

      • UART

        • add AARCH64 stm32_console driver (c6d070c)

  • Miscellaneous

    • AArch64

      • add stack debug information to assembly routines (f832885)

    • DT Bindings

      • add the STM32MP2 clock and reset bindings (3ccb708)

    • FDTs

      • Morello

      • STM32MP2

        • add stm32mp257f-ev1 board (9aa5371)

        • introduce stm32mp25 pinctrl files (2c62cc4)

        • introduce stm32mp25 SoCs family (0dc283d)

    • TBBR

      • add image id for backup GPT (1051606)

      • update PK_DER_LEN for ECDSA P-384 keys (c1ec23d)

  • Documentation

    • introduce STM32MP2 doc (ee5076f)

    • save BL32 image base and size in entry point info (31dcf23)

    • add a threat model for TF-A with Arm CCA (4463541)

    • cover threats inherent to receiving data over UART (348446a)

    • add a section for experimental build options (4885600)

  • Build System

    • include plat header in fdt build (e03dcc8)

    • manage patch version in Makefile (055ebec)

    • march option selection (7794d6c)

    • pass CCA NV ctr option to cert_create (0f19b7a)

    • .gitignore to include memory tools (82257de)

    • allow gcc linker on Aarch32 platforms (cfe6767)

    • bump certifi to version 2023.7.22 (6cbf432)

    • convert tabs and ifdef comparisons (72f027c)

    • convert tabs to spaces (1ca73b4)

    • disable ENABLE_FEAT_MPAM for Aarch32 (a07b459)

    • include Cortex-A78AE cpu file for FVP (b996db1)

    • pass parameters through response files (430be43)

    • remove duplicated include order (c189adb)

    • remove handling of mandatory options (1ca902a)

  • Tools

    • Firmware Image Package Tool

      • add ability to build statically (4d4fec2)

    • Secure Partition Tool

      • generate ARM_BL2_SP_LIST_DTS file from sp_layout.json (20629b3)

    • Certificate Creation Tool

      • add new option for CCA NV ctr (60753a6)

      • add pkcs11 engine support (616b3ce)

      • ecdsa p384 key support (c512c89)

    • Memory Mapping Tool

      • add tabular memory use data (d9d5eb1)

      • add topological memory view (cc60aba)

13.3.3. Resolved Issues

  • Architecture

    • CPU feature / ID register handling in general

      • move nested virtualization support to optionals (8b2048c)

    • Memory Partitioning and Monitoring (MPAM) Extension (FEAT_MPAM)

      • refine MPAM initialization and enablement process (edebefb)

    • Performance Monitors Extension (FEAT_PMUv3)

      • make MDCR_EL3.MTPME=1 out of reset (33815eb)

  • Platforms

    • register PLAT_SP_PRI only if not already registered (bf01999)

    • Arm

      • add Event Log area behind Trustzone Controller (d836df7)

      • correct the SPMC_AT_EL3 condition (a0ef1c0)

      • fix GIC macros for GICv4.1 support (f1df8f1)

      • add RAS_FFH_SUPPORT check for RAS EHF priority (1c01284)

      • do not program DSU CLUSTERPWRDN register (3209b35)

      • FPGA

        • enable CPU features required for ARMv9.2 cores (b321c24)

      • FVP

        • adjust BL2 maximum size as per total SRAM size (965aace)

        • adjust BL31 maximum size as per total SRAM size (24e224b)

        • conditionally increase XLAT and MMAP table entries (03cf4e9)

        • extract core id from mpidr for pwrc operations (70bc744)

        • increase maximum MMAP and XLAT entries count (12fe591)

        • increase the maximum size of Event Log (f1dfaa4)

        • resolve broken workaround reference (bcb3ea9)

        • update pwr_domain_suspend (f51d277)

        • update system suspend in OS-initiated mode (e0ef05b)

      • Morello

        • configure platform specific secure SPIs (80f8769)

      • N1SDP

        • configure platform specific secure SPIs (7b0c95a)

        • fix spi_ids range for n1sdp multichip boot (31f60a9)

      • SGI

        • update PLAT_SP_PRI macro definition (6f689a5)

      • TC

        • Correct return type (b0542b5)

        • rename macro to match PSA spec (1fc20d7)

      • Corstone-1000

        • add cpu_helpers.S to platform.mk (cb27274)

        • modify boot device dependencies (3ff5fc2)

        • removing the signature area (5856a91)

    • Aspeed

      • AST2700

        • add device mapping for coherent memory (cef2e92)

    • Broadcom

      • fix misspelled header inclusion guard (a9779c1)

    • Cadence

      • update console flush uart driver (e27bebb)

    • Intel

      • fix ncore ccu snoop dvm enable bug (106aa54)

      • resolved coverity checking (1af7bf7)

      • update boot scratch cold register to use cold 8 (655af4f)

      • update checking for memcpy and memset (c418064)

    • MediaTek

      • support saving/restoring GICR registers (f73466e)

    • NVIDIA

      • Tegra

        • return correct error code for plat_core_pos_by_mpidr (6bd79b1)

    • NXP

      • i.MX

        • i.MX 8M

          • make IMX_BOOT_UART_BASE autodetection option more obvious (101f070)

          • map BL32 memory only if SPD_opteed or SPD_trusty is enabled (4827613)

    • QEMU

      • fix 32-bit builds with stack protector (e57ca89)

      • SBSA

        • align FIP base to BL1 size (408cde8)

    • QTI

      • SC7280

        • update pwr_domain_suspend (a43be0f)

        • update system suspend in OS-initiated mode (0a9270a)

    • Renesas

      • R-Car

        • add mandatory fields in ‘reserved-memory’ node (f945498)

        • R-Car 3

          • fix CPG register code comment (69c371b)

          • update Draak and Eagle board IDs (281edfe)

    • ST

      • allow crypto lib compilation in aarch64 (76e4fab)

      • enable RTC clock before accessing nv counter (77ce6a5)

      • flush UART at the end of uart_read() (a9cb7d0)

      • properly check LOADADDR (9f72f5e)

      • reduce MMC block_buffer (a2500ab)

      • setting default KEY_SIZE (6f3ca8a)

      • update comment on encryption key (5c506c7)

      • update dt_get_ddr_size() type (2a4abe0)

      • STM32MP1

        • add void entry in plat_def_toc_entries (8214ecd)

        • properly check PSCI functions return (241f874)

        • use the BSEC nodes compatible for stm32mp13 (2171bd9)

    • Texas Instruments

      • align static device region addresses to reduce MMU table count (53a868f)

      • fix TISCI API changes during refactor (d7a7135)

      • release lock in all TI-SCI xfer return paths (e92375e)

      • remove check for zero value in BL31 boot args (44edd3b)

    • Xilinx

      • add headers to resolve compile time issue (744d60a)

      • dcache flush for dtb region (93ed138)

      • don’t reserve 1 more byte (c3b69bf)

      • dynamic mmap region for dtb (7ca7fb1)

      • remove clock_setrate and clock_getrate api (e5955d7)

      • remove console error message (f9820f2)

      • update dtb when dtb address and tf-a ddr flow is used (fdf8f92)

      • DCC (Debug Communication Channel)

        • add dcc console unregister function (0936abe)

        • enable DCC also for crash console (c6d9186)

      • Versal

        • add missing irq mapping for wakeup src (06b9c4c)

        • fix BLXX memory limits for user defined values (f123b91)

        • make pmc ipi channel as secure (96eaafa)

        • type cast addresses to fix integer overflow (bfe82cf)

        • use correct macro name for ocm base address (56afab7)

        • Versal NET

          • add redundant call to avoid glitches (cebb7cc)

          • change flag to increase security (e8efb65)

          • correct device node indexes (66b5620)

          • don’t clear pending interrupts (fb73ea6)

          • fix BLXX memory limits for user defined values (a80da38)

          • make pmc ipi channel as secure (2c65b79)

          • use correct macro name for uart baudrate (e2ef1df)

      • ZynqMP

        • do not export apu_ipi (237c5a7)

        • fix BLXX memory limits for user defined values (8ce2fbf)

        • fix prepare_dtb() memory description (3efee73)

        • fix sdei arm_validate_ns_entrypoint() (3b3c70a)

        • handling of type el3 interrupts (e8d61f7)

        • make zynqmp_devices structure smaller (7e3e799)

        • remove unused headers (6288636)

        • resolve runtime error in TSP (81ad3b1)

        • type cast addresses to fix overflow issue (9129163)

        • validate clock_id to avoid OOB variable access (abc79c2)

    • Nuvoton

      • fix typo in platform.mk (c7efb78)

  • Bootloader Images

    • BL2

      • bl2 start address for RESET_TO_BL2+ENABLE_PIE (d478ac1)

    • BL31

      • resolve runtime console garbage in next stage (889e3d1)

    • BL32

      • always include arm_arch_svc in SP_MIN (cd0786c)

      • avoid clearing argument registers in RESET_TO_SP_MIN case (56055e8)

      • TSP

        • fix destination ID in direct request (ed23d27)

        • flush uart console (ae074b3)

  • Services

    • RME

      • RMMD

        • enable sme using sme_enable_per_world (c0e16d3)

    • SPM

      • EL3 SPM

        • fix LSP direct message response (c040621)

        • improve direct messaging validation (48fe24c)

      • EL3 SPMC

        • avoid descriptor size calc overflow (27c0242)

        • correctly account for emad_offset (0c2583c)

        • fix incorrect CASSERT (1dd79f9)

        • only call spmc_shm_check_obj() on complete objects (d781959)

        • prevent total_page_count overflow (2d4da8e)

        • remove experimental flag (630a06c)

        • use uint64_t for 64-bit type (43318e4)

        • use version-dependent minimum descriptor length (52d8d50)

        • validate descriptor headers (56c052d)

        • validate memory address alignment (327b5b8)

        • validate shmem descriptor alignment (dd94372)

      • SPMD

        • coverity scan issues (b04343f)

        • fix FFA_VERSION forwarding (76d53ee)

        • perform G0 interrupt acknowledge and deactivation (6c91fc4)

        • relax use of EHF with SPMC at S-EL2 (bb6d0a1)

    • ERRATA ABI

      • added Neoverse N2 to Errata ABI list (7e030b3)

      • fix the rev-var for Cortex-A710 (5c8fcc0)

      • update the Cortex-A76 errata ABI struct (92d5b50)

      • update the Cortex-A78C errata ABI struct (7f2caec)

      • update the neoverse-N1 errata ABI struct (56747a5)

      • update the Neoverse-N2 errata ABI struct (80af87e)

  • Libraries

    • CPU Support

      • assert invalid cpu_ops obtained (3f721c6)

      • check for SME presence in Gelas (0bbd432)

      • fix minor issue seen with a9 cpu (af70470)

      • fix the rev-var for Cortex-A710 (2bf7939)

      • fix the rev-var of Cortex-X2 (8ae66d6)

      • fix the rev-var of Neoverse-V1 (ab2b56d)

      • flush L2 cache for Cortex-A7/12/15/17 (c5c160c)

      • integer suffix macro definition (1a56ed4)

      • reduce generic_errata_report()’s size (f43e09a)

      • revert erroneous use of override_vector_table macro in Cortex-A73 (9a0c812)

      • update the fix for Cortex-A78AE erratum 1941500 (67a2ad1)

      • update the rev-var for Cortex-A78AE (c814619)

      • workaround for Cortex-A510 erratum 2080326 (6e86475)

      • workaround for Cortex-A710 erratum 2742423 (d7bc2cb)

      • workaround for Cortex-X2 erratum 2742423 (fe06e11)

      • workaround for Cortex-X3 erratum 2070301 (2454316)

      • workaround for Cortex-X3 erratum 2742421 (5b0e443)

      • workaround for Neoverse N2 erratum 2009478 (74bfe31)

      • workaround for Neoverse N2 erratum 2340933 (68085ad)

      • workaround for Neoverse N2 erratum 2346952 (6cb8be1)

      • workaround for Neoverse N2 erratum 2743014 (eb44035)

      • workaround for Neoverse N2 erratum 2779511 (12d2806)

      • workaround for Neoverse V2 erratum 2331132 (8852fb5)

      • workaround for Neoverse V2 erratum 2719105 (b011402)

      • workaround for Neoverse V2 erratum 2743011 (58dd153)

      • workaround for Neoverse V2 erratum 2779510 (ff34264)

      • workaround for Neoverse V2 erratum 2801372 (40c81ed)

    • EL3 Runtime

      • leverage generic interrupt controller helpers (07f867b)

      • restrict lower el EA handlers in FFH mode (6d22b08)

      • Context Management

        • make ICC_SRE_EL2 fixup generic to all worlds (5e8cc72)

        • set MDCR_EL3.{NSPBE, STE} explicitly (99506fa)

      • RAS

        • remove RAS_FFH_SUPPORT and introduce FFH_SUPPORT (f87e54f)

        • restrict ENABLE_FEAT_RAS to have only two states (970a4a8)

    • PSCI

      • add optional pwr_domain_validate_suspend to plat_psci_ops_t (d348861)

    • SMCCC

      • ensure that mpidr passed through SMC is valid (e60c184)

      • pass SMCCCv1.3 SVE hint to internal flags (b2d8517)

    • Translation Tables

      • fix defects on the xlat library reported by coverity scan (2974ad8)

      • set MAX_PHYS_ADDR to total mapped physical region (1a38aaf)

  • Drivers

    • Authentication

      • allow hashes of different lengths (22a5354)

      • don’t overwrite pk with converted pk when rotpk is hash (1046b41)

    • Measured Boot

      • don’t strip last non-0 char (b85bcb8)

    • MMC

      • initialises response buffer with zeros (b1a2c51)

    • MTD

      • NAND

        • reset the SLC NAND (f4d765a)

        • SPI NAND

          • add Quad Enable management (da7a33c)

    • SCMI

      • add parameter for plat_scmi_clock_rates_array (ca9d6ed)

    • UFS

      • performs unsigned shift for doorbell (e47d8a5)

      • set data segment length (9d6786c)

    • Arm

      • GIC

        • GICv3

          • map generic interrupt type to GICv3 group (632e5ff)

          • move invocation of gicv3_get_multichip_base function (36704d0)

          • GIC-600

            • fix gic600 maximum SPI ID (69ed7dc)

    • Renesas

      • R-Car3

    • ST

      • Clock

        • disabling CKPER clock is not functional on stm32mp13 (1bbcb58)

      • Crypto

        • do not read RNG data if it’s not ready (53092a7)

        • use GENMASK_32 to define PKA registers masks (379d77b)

      • DDR

        • express memory size with size_t type (b4e1e8f)

      • UART

        • allow 64 bit compilation (6fef0f6)

        • correctly check UART enabled in flush function (a527380)

        • skip console flush if UART is disabled (b156d7b)

  • Miscellaneous

    • AArch32

      • disable workaround discovery on aarch32 for now (d1f2748)

    • FDTs

      • STM32MP1

        • move /omit-if-no-ref/ to overlay files (f351f91)

        • STM32MP13

          • correct the BSEC nodes compatible (85c2ea8)

          • cosmetic fixes in PLL nodes (8b82663)

    • SDEI

      • ensure that interrupt ID is valid (a7eff34)

    • TBBR

      • guard defines under MBEDTLS_CONFIG_FILE (81c2e15)

      • unrecognised ‘tos-fw-key-cert’ option (f1cb5bd)

  • Documentation

    • match boot-order size to implementation (fd1479d)

    • add missing line in the fiptool command for stm32mp1 (d526d00)

    • fix build errors for latexpdf (443d6ea)

    • remove out-dated information about CI review comments (74306b2)

    • replace deprecated urls under tfa/docs (5fdf198)

    • update maintainers list (9766f41)

    • updated certain Neoverse N2 erratum status in docs (d6d34b3)

    • use rsvg-convert as the conversion backend (c365476)

  • Tools

    • Firmware Image Package Tool

      • move juno plat_fiptool.mk (570a230)

    • Certificate Creation Tool

      • fix key loading logic (bb3b0c0)

      • key: Avoid having a temporary value for pkey in key_load (ea6f845)

    • Memory Mapping Tool

      • reintroduce support for GNU map files (d0e3053)

13.4. 2.9.0 (2023-05-16)

13.4.1. ⚠ BREAKING CHANGES

  • Libraries

    • EL3 Runtime

      • RAS

        • The previous RAS_EXTENSION build option is now deprecated. The equivalent functionality can be achieved with the following two options:

          • ENABLE_FEAT_RAS

          • RAS_FFH_SUPPORT

          See: replace RAS_EXTENSION with FEAT_RAS (9202d51)

  • Drivers

    • Authentication

      • unify REGISTER_CRYPTO_LIB

        See: unify REGISTER_CRYPTO_LIB (dee99f1)

    • Arm

      • Ethos-N

        • The Linux Kernel NPU driver can no longer directly configure and boot the NPU in a TZMP1 build. The API version has therefore been given a major version bump with this change.

          See: add protected NPU firmware setup (6dcf3e7)

        • Building the FIP when TZMP1 support is enabled in the NPU driver now requires a parameter to specify the NPU firmware file.

          See: load NPU firmware at BL2 (33bcaed)

  • Build System

    • BL2_AT_EL3 renamed to RESET_TO_BL2 across the repository.

      See: distinguish BL2 as TF-A entry point and BL2 running at EL3 (42d4d3b)

    • check boolean flags are not empty

      See: check boolean flags are not empty (1369fb8)

    • All input and output linker section names have been prefixed with the period character, e.g. cpu_ops -> .cpu_ops.

      See: always prefix section names with . (da04341)

    • The EXTRA_LINKERFILE build system variable has been replaced with the <IMAGE>_LINKER_SCRIPT_SOURCES variable. See the commit message for more information.

      See: permit multiple linker scripts (a6ff006)

    • The LINKERFILE, BL_LINKERFILE and <IMAGE_LINKERFILE> build system variables have been renamed. See the commit message for more information.

      See: clarify linker script generation (8227493)

13.4.2. Resolved Issues

  • Architecture

    • CPU feature / ID register handling in general

      • context-switch: move FGT availability check to callers (de8c489)

      • make stub enable functions “static inline” (d7f3ed3)

      • resolve build errors due to compiler optimization (e8f0dd5)

    • Memory Partitioning and Monitoring (MPAM) Extension (FEAT_MPAM)

      • feat_detect: support major/minor (1f8be7f)

      • remove unwanted param for “endfunc” macro (0e0bd25)

      • run-time checks for mpam save/restore routines (ed80440)

    • Pointer Authentication Extension

      • make pauth_helpers linking generic (90ce8b8)

    • Performance Monitors Extension (FEAT_PMUv3)

      • switch FVP PMUv3 SPIs to PPI (d7c455d)

      • unconditionally save PMCR_EL0 (1d6d680)

    • Scalable Matrix Extension (FEAT_SME, FEAT_SME2)

      • disable SME for SPD=spmd (2fd2fce)

    • Statistical profiling Extension (FEAT_SPE)

      • drop SPE EL2 context switch code (16e3ddb)

  • Platforms

    • Allwinner

      • check RSB availability in DT on H6 (658b315)

    • Arm

      • arm_rotpk_header undefined reference (95302e4)

      • A5DS

        • add default value for ARM_DISABLE_TRUSTED_WDOG (115ab63)

      • CSS

        • fix invalid redistributor poweroff (60719e4)

      • FPGA

        • include missing header file (b7253a1)

      • FVP

        • correct ehf priority for SPM_MM (fb2fd55)

        • incorrect UUID name in FVP tb_fw_config (7f2bf23)

        • unconditionally include lib/psa headers (72db458)

        • work around BL31 progbits exceeded (138221c)

        • work around DRTM_SUPPORT BL31 progbits exceeded (7762e5d)

      • Morello

        • add platform-specific power domain functions (02a5bcb)

      • N1SDP

        • add platform-specific power domain functions (5bdafc4)

      • RD

        • RD-N1 Edge

          • change variable type to fix gcc sign conversion error (3a3e0e5)

      • TC

        • increase TC_TZC_DRAM1_SIZE (7e3f6a8)

        • change the FIP offset to 8 KiB boundary (d07b8aa)

        • change the properties of optee reserved memory (2fff46c)

        • enable dynamic feature detection of FEAT_SVE for NormalWorld (67265f2)

        • enable the execution of both platform tests (657b90e)

        • only suspend booting after running plat tests (9b26655)

        • unify TC ROM start addresses (f9e11c7)

        • update the name of mbedtls config header (d5fc899)

    • Broadcom

      • add braces around bodies of conditionals (9f58bfb)

    • Intel

      • add mailbox error return status for FCS_DECRYPTION (76ed322)

      • agilex bitstream pre-authenticate (4b3d323)

      • fix Agilex and N5X clock manager to main PLL C0 (5f06bff)

      • fix fcs_client crashed when increased param size (c42402c)

      • fix pinmux handoff bug on Agilex (e6c0389)

      • fix print out ERROR when encounter SEU_Err (1a0bf6e)

      • fix sp_timer0 is not disabled in firewall on Agilex (8de7167)

      • fix the pointer of block memory to fill in and bytes being set (afe9fcc)

      • flush dcache before mmio read (731622f)

      • mailbox store QSPI ref clk in scratch reg (7f9e9e4)

      • missing NCORE CCU snoop filter fix in BL2 (b34a48c)

      • remove checking on TEMP and VOLT checking for HWMON (68ac5fe)

      • update boot scratch to indicate to Uboot is PSCI ON (7f7a16a)

    • NVIDIA

      • Tegra

        • append major revision to the chip_id value (33c4766)

        • remove dependency on CPU registers to get boot parameters (0b9f05f)

        • Tegra 210

          • support legacy SMC_ID 0xC2FEFE00 (40a4e2d)

    • NXP

      • i.MX

        • i.MX 8M

          • add ddr4 dvfs sw workaround for ERR050712 (e00fe11)

          • backup mr12/14 value from lpddr4 chip (a2655f4)

          • correct the rank info get from mstr (5277c09)

          • fix coverity out of bound access issue (0331b1c)

          • fix the current fsp init (25c4323)

          • fix the dfiphymaster setting after dvfs (ad0cbbf)

          • fix the dram retention random hang on some imx8mq Rev2.0 (4bf5019)

          • fix the rank to rank space issue (3330084)

          • i.MX 8Q

            • fix compilation with gcc >= 12.x (e75a3b6)

      • Layerscape

        • fix errata a008850 (c45791b)

        • fix nv_storage assert checking (5d599b7)

        • unlock write access SMMU_CBn_ACTLR (0ca1d8f)

        • LX2

          • init global data before using it (50aa0ea)

        • LS1046A

          • 4 keys secureboot failure resolved (c0c157a)

    • QEMU

      • enable dynamic feature detection of FEAT_SVE for NormalWorld (fc259b6)

      • SBSA

    • QTI

      • MSM8916

        • add timeout for crash console TX flush (7e002c8)

        • drop unneeded initialization of CNTACR (d833af3)

        • flush dcache after writing msm8916_entry_point (01ba69c)

        • print \r before \n on UART console (3fb7e40)

    • Raspberry Pi

      • Raspberry Pi 3

        • initialize SD card host controller (bd96d53)

    • Renesas

      • align incompatible function pointers (90c4b3b)

    • Rockchip

      • use semicolon instead of comma (8557d49)

    • ST

      • add U suffix for unsigned numbers (9c1aa12)

      • explicitly check operators precedence (56048fe)

      • include utils.h to solve compilation error (377846b)

      • make metadata_block_spec static (d1d8a9b)

      • rework secure-status check in fdt_get_status() (0ebaf22)

      • use Boolean type for tests (45d2d49)

      • use indices when counting GPIOs in DT (e7d7544)

      • STM32MP1

        • add const for strings in stm32mp_get_soc_name() (d7f5bed)

        • add missing platform.h include (6e55f9e)

        • always define PKA algos flags (e0e2d64)

        • remove boolean check on PLAT_TBBR_IMG_DEF (231a0ad)

        • rework DWL buffer cache invalidation (127ed00)

    • Texas Instruments

      • do not take system power reference in bl31_platform_setup() (9977948)

      • fix typo in boot authentication message name (81f525e)

    • Xilinx

      • fix misra defects (964e559)

      • handle CRC failure in IPI (5e92be5)

      • handle CRC failure in IPI callback (6173d91)

      • initialize values to device enum members (5c62d59)

      • remove asserts around arg0/arg1 (8be2044)

      • remove unnecessary condition (c984123)

      • remove unused mailbox macros (15f49cb)

      • resolve integer handling issue (4e46db4)

      • use lib/smccc.h macros instead of trusty spd (0ee07d7)

      • Versal

        • check smc_fid 23:16 bits (4a50363)

        • fix incorrect regbase for PMC IPI (c4185d5)

        • initialize the variable with value 0 in pm code (cd73d62)

        • print proper atf handoff source (0fe002c)

        • replace FPD_MAINCCI* macros (245d30e)

        • sync location based on IPI_ID macros (92a43bd)

        • Versal NET

          • fix irq for IPI0 (95bbfbc)

          • clear power down bit during wakeup (5f0f7e4)

          • clear power down interrupt status before enable (2d056db)

          • correct aff level for cpu off (6ada9dc)

          • disable wakeup interrupt during client wakeup (e663f09)

          • enable wake interrupt during client suspend (39fffe5)

          • fix setting power down state (1f79bdf)

          • populate gic v3 rdist data statically (355dc3d)

          • resolve misra 10.6 warnings (8c23775)

          • resolve misra rule 20.7 warnings (21d1966)

          • use spin_lock instead of bakery_lock (0b3a2cf)

      • ZynqMP

        • add bitmask for get_op_char API (ad4b667)

        • check return status of pm_get_api_version (c92ad36)

        • check smc_fid 23:16 bits (09b342a)

        • conditional reservation of memory in DTB (c52a142)

        • enable A53 workaround (errata 1530924) (d8133d7)

        • fix bl31_zynqmp_setup.c coding style (26ef5c2)

        • fix DT reserved allocated size (2c03915)

        • fix xck24 silicon ID (f156590)

        • initialize uint32 with value 0U in pm code (e65584a)

        • move EM SMC range to SIP range (acbae39)

        • panic w/o handoff structure in !JTAG (fbe4dbe)

        • remove redundant api_version check (d0b58c8)

        • remove unused PLAT_NUM_POWER_DOMAINS (72c3124)

        • separate EM from PM SMCs (a911396)

        • update MAX_XLAT_TABLES for DDR memory range (12446ce)

        • update the conflicting EEMI API IDs (bcc1348)

        • with DEBUG=1 move bl31 to DDR range (2537f07)

  • Bootloader Images

    • BL31

      • avoid clearing of argument registers in RESET_TO_BL31 case (3e14df6)

    • BL32

      • TSP

        • loop / crash if mmap of region fails (8c353e0)

        • use verbose for power logs (3354915)

  • Services

    • RME

      • update sample platform attestation token (19c1dce)

      • TRP

        • preserve RMI SMC X4 when not used as return (b96253d)

      • RMMD

        • add missing padding to RMM Boot Manifest and initialize it (dc0ca64)

    • SPM

      • EL3 SPMC

        • fix coverity scan warnings (1543d17)

        • improve bound check for descriptor (def7590)

        • report execution state in partition info get (62cd8f3)

      • SPMD

        • fix build error with spmd (fd51b21)

  • Libraries

    • CPU Support

      • do not put RAS check before using esb (9ec2ca2)

      • use hint instruction for “tsb csync” (7a181b7)

      • workaround for Cortex-A510 erratum 2684597 (aea4ccf)

      • workaround for Cortex-A710 erratum 2282622 (89d85ad)

      • workaround for Cortex-A710 erratum 2768515 (b87b02c)

      • workaround for Cortex-A78 erratum 2742426 (a63332c)

      • workaround for Cortex-A78 erratum 2772019 (b10afcc)

      • workaround for Cortex-A78 erratum 2779479 (7d1700c)

      • workaround for Cortex-A78C erratum 1827430 (672eb21)

      • workaround for Cortex-A78C erratum 1827440 (b01a59e)

      • workaround for Cortex-A78C erratum 2772121 (00230e3)

      • workaround for Cortex-A78C erratum 2779484 (66bf3ba)

      • workaround for Cortex-X2 erratum 2282622 (f9c6301)

      • workaround for Cortex-X2 erratum 2768515 (1cfde82)

      • workaround for Cortex-X3 erratum 2615812 (c7e698c)

      • workaround for Neoverse N2 erratum 2743089 (1ee7c82)

      • workaround for Neoverse V1 errata 2743233 (f1c3eae)

      • workaround for Neoverse V1 errata 2779461 (2757da0)

      • workaround for Neoverse V1 erratum 2743093 (31747f0)

      • workaround platforms non-arm interconnect (ab062f0)

    • EL3 Runtime

      • allow SErrors when executing in EL3 (1cbe42a)

      • do not save scr_el3 during EL3 entry (e61713b)

      • restore SPSR/ELR/SCR after esb (ff1d2ef)

      • RAS

        • do not put RAS check before esb macro (7d5036b)

    • FCONF

      • fix FCONF_ARM_IO_UUID_NUMBER value (e208f32)

      • make struct fconf_populator static (40e740d)

    • OP-TEE

      • address late comments and fix bad rc (8d7c80f)

      • return UUID for image loading service (85ab882)

    • PSCI

      • do not panic on illegal MPIDR (8a6d0d2)

      • potential array overflow with cpu on (6632741)

      • remove unreachable switch/case blocks (ad27f4b)

      • tighten psci_power_down_wfi behaviour (695a48b)

    • GPT

      • fix compilation error for gpt_rme.c (a0d5147)

    • SMCCC

      • check smc_fid [23:17] bits (f8a3579)

    • C Standard Library

      • properly define SCHAR_MIN (06c01b0)

      • remove __putchar alias (28dc825)

    • Context Management

  • Drivers

    • Authentication

      • avoid out-of-bounds read in auth_nvctr() (abb8f93)

      • forbid junk after extensions (fd37982)

      • only accept v3 X.509 certificates (e9e4a2a)

      • properly validate X.509 extensions (f5c5185)

      • reject invalid padding in digests (f47547b)

      • reject junk after certificates (ca34dbc)

      • reject padding after BIT STRING in signatures (a8c8c5e)

      • require at least one extension to be present (72460f5)

      • require bit strings to have no unused bits (8816dbb)

      • use NULL instead of 0 for pointer check (654b65b)

      • mbedTLS

        • fix mbedtls coverity issues (a9edc32)

    • Console

      • correct scopes for console symbols (03bd481)

      • fix crash on spin_unlock with cache disabled (5fb6946)

    • I/O

      • compare function pointers with NULL (06d223c)

    • MMC

      • align part config type (53cbc94)

      • do not modify r_data in mmc_send_cmd() (bf78a65)

      • explicitly check operators precedence (14cda51)

      • remove redundant reset_to_idle call (bc0a738)

    • GUID Partition Tables Support

      • add missing curly braces (1290662)

      • add U suffix for unsigned numbers (d1c6c49)

    • SCMI

      • change function prototype to fix gcc error (f0f2c90)

      • fix compilation error in scmi base (7c38934)

    • UFS

      • device present (DP) field is set to ‘1’ (83103d1)

      • flush the entire PRDT (83ef869)

      • only allow using one slot (56db7b8)

      • poll UCRDY for all commands (6e57b2f)

      • set the PRDT length field properly (20fdbcf)

    • Arm

      • Ethos-N

        • add workaround for erratum 2838783 (5a89947)

      • GIC

        • wrap cache enabled assert under plat_can_cmo (78fbb0e)

        • GICv3

          • fixed bug in the initialization of GICv3 SGIs/(E)PPIs interrupt priorities (5d68e89)

          • restore scr_el3 after changing it (1d0d5e4)

          • workaround for NVIDIA erratum T241-FABRIC-4 (a02a45d)

      • RSS

        • do not consider MHU_ERR_ALREADY_INIT as error (55a7aa9)

        • fix msg deserialization bugs in comms (dda0528)

        • remove null-terminator from RSS metadata (85a14bc)

    • NXP

      • fix fspi coverity issue (5199b3b)

      • fix sd secure boot failure (236ca56)

      • fix tzc380 memory regions config (07d8e34)

      • use semicolon instead of comma (50b8ea1)

      • NXP Crypto

        • fix coverity issue (e492299)

        • fix secure boot assert inclusion (334badb)

      • DDR

        • add checking return value (e83812f)

        • apply Max CDD values for warm boot (00bb8c3)

        • fix coverity issue (2d541cb)

        • fix underrun coverity issue (87612ea)

        • use CDDWW for write to read delay (fa01056)

    • ST

      • Clock

        • avoid arithmetics on pointers (4198fa1)

        • give the size for parent_mp13 and dividers_mp13 tables (ee21709)

        • remove useless switch (69a2e32)

        • use Boolean type for tests (c3ae7da)

      • Crypto

        • move flag control into source code (6a187a0)

        • remove platdata functions (6b3ca0a)

        • set get_plain_pk_from_asn1() static (70a422b)

      • GPIO

        • define shift as uint32_t (5d942ff)

      • SDMMC2

        • check transfer size before filling register (029f81e)

      • ST PMIC

        • define pmic_regs table size (3cebeec)

        • enclose macro parameter in parentheses (be7195d)

      • Regulator

        • enclose macro parameters in parentheses (91af163)

        • explicitly check operators precedence (68083e7)

        • rework for_each_*rdev macros (6a3ffb5)

        • use Boolean type for tests (9a00daf)

      • USB

        • replace redundant checks with asserts (02af589)

  • Style

  • Miscellaneous

    • AArch64

      • allow build with ARM_ARCH_MINOR=4 (78f56ee)

    • FDT Wrappers

    • FDTs

      • STM32MP1

        • STM32MP15

          • use /omit-if-no-ref/ for spi and i2c (d480df2)

          • use interrupts-extended for i2c2 (600c8f7)

    • PIE

      • pass -fpie to the preprocessor as well (966660e)

    • UUID

      • add missing #include directives (12562af)

    • add missing click dependency (ff12683)

    • add parenthesis for tests in MIN, MAX and CLAMP macros (8406db1)

    • increase BL32 limit (c2a7612)

    • remove old-style declarations (f4b8470)

    • remove useless “return” at void functions (af4d8c6)

    • unify fallthrough annotations (e138400)

  • Documentation

    • add a build.tools.python entry (4052d95)

    • add few missed links for Security Advisories (43f3a9c)

    • add plantuml as a dependency (65982a9)

    • add readthedocs configuration file (8a84776)

    • deprecate plat_convert_pk() in v2.9 (e0f58c7)

    • make required compiler version == rather than >= (415195c)

    • python version must be string (3aa919e)

    • specify python version to 3.10 (a7773c5)

  • Build System

    • add a default value for INVERTED_MEMMAP (4d32f91)

    • allow lower address access with gcc-12 (dea23e2)

    • allow warnings when using lld (ebac692)

    • partially fix qemu aarch32 build (c68736d)

  • Tools

    • NXP Tools

    • Secure Partition Tool

      • add dependency to SP image (4daeaf3)

    • Certificate Creation Tool

  • Dependencies

    • add missing aeabi_memset.S (bdedee5)

13.4.3. New Features

  • Architecture

    • Extended Translation Control Register (FEAT_TCR2).

      • add FEAT_TCR2 to the changelog (a366640)

      • support FEAT_TCR2 (d333160)

    • CPU feature / ID register handling in general

      • enable FEAT_SME for FEAT_STATE_CHECKED (45007ac)

      • enable FEAT_SVE for FEAT_STATE_CHECKED (2b0bc4e)

      • extend check_feature() to deal with min/max (a4cccb4)

    • Guarded Control Stack (FEAT_GCS)

      • support guarded control stack (688ab57)

    • Support for the HCRX_EL2 register (FEAT_HCX)

      • initialize HCRX_EL2 to its default value (ddb615b)

    • Scalable Matrix Extension (FEAT_SME, FEAT_SME2)

      • enable SME2 functionality for NS world (03d3c0d)

  • Platforms

    • Allwinner

      • add extra CPU control registers (b15e2cd)

      • add function to detect H616 die variant (fbde260)

      • add support for Allwinner T507 SoC (018c1d8)

    • Arm

      • add ARM_ROTPK_LOCATION variant full key (5f89928)

      • carveout DRAM1 area for Event Log (6b2e961)

      • FVP

        • add Event Log maximum size property in DT (1cf3e2f)

        • copy the Event Log to TZC secured DRAM area (191aa5d)

        • define ns memory in the SPMC manifest (7f28179)

        • emulate trapped RNDR (1ae7552)

        • enable errata management interface (d3bed15)

        • enable FEAT_FGT by default (15107da)

        • enable FEAT_HCX by default (2e12418)

        • enable support for PSCI OS-initiated mode (e75cc24)

        • increase BL1_RW and BL2 size (dbb9c1f)

        • introduce PLATFORM_TEST_EA_FFH config (fe38cc6)

        • introduce PLATFORM_TEST_RAS_FFH config (5602ce1)

        • update device tree with load addresses of TOS_FW config (1779762)

      • Juno

        • support ARM_IO_IN_DTB option for Juno (2fad320)

      • Morello

        • add GPU DT node (cd94c3d)

        • add support for HW_CONFIG (be79071)

        • implement methods to retrieve soc-id information (cc266bc)

      • RD

        • RD-N2

          • add platform id value for rdn2 variant 3 (028c619)

      • TC

        • enable MPAM functionality of L3 DSU cache (b45ec8c)

        • add delegated attest and measurement tests (25dd217)

        • allow secure watchdog timer to trigger periodically (28b2d86)

        • use smmu 700 (ed80eab)

    • Intel

      • extending to support SMMU in FCS (4687021)

      • fix bridge disable and reset (9ce8251)

      • implement timer init divider via CPU frequency for N5X (02a9d70)

      • setup FPGA interface for Agilex (3905f57)

    • MediaTek

      • add APU init flow (5243091)

      • add new features of LPM (917abdd)

      • add SiP service for OP-TEE (621eaab)

      • add SMC handler for EMI MPU (c842cc0)

      • add SPM’s SSPM notifier (c234ad1)

      • MT8188

        • add apu power on/off control (8e38b92)

        • add MT8188 SPM debug logs (f85b34b)

        • add MT8188 SPM support (45d5075)

        • add SPM feature support (f299efb)

        • add the register definitions accessed by SPM (1a64689)

        • enable SPM and LPM (380f64b)

        • keep infra and peri on when system suspend (e56a939)

        • update INFRA IOMMU enable flow (98415e1)

      • MT8195

        • add support for SMC from OP-TEE (ccc61e1)

    • NVIDIA

      • Tegra

        • implement ‘pwr_domain_off_early’ handler (96d07af)

    • NXP

      • i.MX

        • i.MX 8M

          • add more dram pll setting (4234b90)

          • fix the ddr4 dvfs random hang on imx8m (093888c)

          • update the ddr4 dvfs flow to include ddr3l support (0e39488)

          • use non-fast wakeup stop mode for system suspend (ef4e5f0)

          • i.MX 8Q

            • add anamix pll override setting for DSM mode (387a1df)

            • add BL31 PIE support (8cfa94b)

            • add the dram retention support for imx8mq (dd108c3)

            • add version for B2 (99475c5)

            • add workaround code for ERR11171 on imx8mq (88a2646)

            • always set up console (36be108)

            • correct the slot ack setting for STOP mode (724ac3e)

            • enable dram dvfs support on imx8mq (8962bdd)

            • make IMX_BOOT_UART_BASE configurable via build parameter (202737e)

            • remove empty bl31_plat_runtime_setup (7698dba)

        • i.MX 8

          • add support for debug uart on lpuart1 (8406447)

      • Layerscape

    • QEMU

      • add “neoverse-n1” cpu support (226f4c8)

      • add A76/N1 cpu support for virt (6b66693)

      • combine TF-A artefacts into ROM file (63bb905)

      • increase max cpus per cluster to 16 (73a7aca)

      • increase size of bl2 (db2bf3a)

      • make coherent memory section optional (af994ae)

      • support el3 spmc (302f053)

      • support pointer authentication (cffc956)

      • support s-el2 spmc (36802e2)

      • update abi between spmd and spmc (25ae7ad)

    • QTI

      • SC7280

        • add support for PSCI_OS_INIT_MODE (e528bbe)

      • MSM8916

        • expose more timer frames (1781bf1)

    • ST

      • mandate dtc version 1.4.7 (38ac8bb)

      • STM32MP1

        • add mbedtls-3.3 support config (c9498c8)

    • Texas Instruments

      • add PSCI system_off support (0bdef26)

      • add sub and patch version number support (852378f)

      • disable L2 dataless UniqueClean evictions (10d5cf1)

      • do not handle EAs in EL3 (2fcd408)

      • set L2 cache data ram latency on A72 cores to 4 cycles (aee2f33)

      • set L2 cache ECC and parity on A72 cores (81858a3)

      • set snoop-delayed exclusive handling on A72 cores (5668db7)

      • synchronize access to secure proxy threads (312eec3)

    • Xilinx

      • add device node indexes (407eb6f)

      • sync copyright format (2774965)

      • Versal

        • replace irq array with switch case (0ec6c31)

        • switch to xlat_v2 (0e9f54e)

        • Versal NET

          • add jtag dcc support (30e8bc3)

          • add support for set wakeup source (c38d90f)

          • add support for uart1 console (2f1b4c5)

      • ZynqMP

        • add hooks for custom runtime setup (88a8938)

        • add hooks for mmap and early setup (7013400)

        • add SMCCC_ARCH_SOC_ID support (8f9ba3f)

        • add support for custom sip service (496d708)

        • build pm code as library (3af2ee9)

        • bump up version of query_data API (aaf5ce7)

        • make stack size configurable (5753665)

  • Services

    • RME

      • read DRAM information from FVP DTB (8268590)

      • set DRAM information in Boot Manifest platform data (a97bfa5)

      • RMM

        • add support for the 2nd DRAM bank (346cfe2)

    • SPM

      • EL3 SPMC

        • make platform logical partition optional (555677f)

      • SPMD

        • add support for FFA_EL3_INTR_HANDLE_32 ABI (6671b3d)

        • copy tos_fw_config in secure region (0cea2ae)

        • fail safe if SPM fails to initialize (0d33649)

        • introduce FFA_PARTITION_INFO_GET_REGS (eaaf517)

        • introduce platform handler for Group0 interrupt (f0b64e5)

        • map SPMC manifest region as EL3_PAS (8c829a9)

        • register handler for group0 interrupt from NWd (a1e0e87)

    • ERRATA_ABI

      • errata management firmware interface (ffea384)

  • Libraries

    • CPU Support

      • add support for blackhawk cpu (6578343)

      • add support for chaberton cpu (516a52f)

    • EL3 Runtime

      • handle traps for IMPDEF registers accesses (0ed3be6)

      • introduce system register trap handler (ccd81f1)

    • FCONF

      • rename ‘ns-load-address’ to ‘secondary-load-address’ (05e5503)

    • OP-TEE

      • add device tree for coreboot table (f4bbf43)

      • add loading OP-TEE image via an SMC (05c69cf)

    • PSCI

      • add support for OS-initiated mode (606b743)

      • add support for PSCI_SET_SUSPEND_MODE (b88a441)

      • introduce ‘pwr_domain_off_early’ hook (6cf4ae9)

      • update PSCI_FEATURES (9a70e69)

    • C Standard Library

      • add %c to printf/snprintf (44d9706)

      • add support for fallthrough statement (023f1be)

    • PSA

      • add read_measurement API (6d0525a)

      • interface with RSS for NV counters (8374508)

  • Drivers

    • Authentication

      • compare platform and certificate ROTPK for authentication (f1e693a)

      • mbedTLS

        • add support for mbedtls-3.3 (51e0615)

    • UFS

      • adds timeout and error handling (2c5bce3)

    • Arm

      • Ethos-N

        • add check for NPU in SiP setup (a2cdbb1)

        • add event and aux control support (7820777)

        • add multiple asset allocators (8a921e3)

        • add NPU firmware validation (313b776)

        • add NPU sleeping SMC call (2a2e3e8)

        • add NPU support in fiptool (c91b08c)

        • add protected NPU firmware setup (6dcf3e7)

        • add protected NPU TZMP1 regions (d77c11e)

        • add reserved memory address support (a19a024)

        • add reset type to reset SMC calls (fa37d30)

        • add separate RO and RW NSAIDs (986c4e9)

        • add SMC call to get FW properties (e9812dd)

        • add stream extends and attr support (e64abe7)

        • add support for NPU to cert_create (f309607)

        • add support to set up NSAID (70a296e)

        • load NPU firmware at BL2 (33bcaed)

      • GIC

        • GICv3

          • enlarge the range for intr_num of structure interrupt_prop_t (d5eee8f)

      • RSS

        • add TC platform UUIDs for RSS images (6ef63af)

      • SBSA

        • helper api for refreshing watchdog timer (e8166d3)

  • Miscellaneous

    • AArch64

      • make ID system register reads non-volatile (c2fb8ef)

    • FDTs

      • STM32MP1

        • use /omit-if-no-ref/ for pins nodes (0aae96c)

        • STM32MP15

          • add support for prtt1x board family (3812ceb)

    • PIE/POR

      • support permission indirection and overlay (062b6c6)

  • Documentation

  • Build System

    • add support for new binutils versions (1f49db5)

    • allow additional CFLAGS for library build (5a65fcd)

    • Git Hooks

    • add support for poetry (793f72c)

  • Tools

    • Firmware Image Package Tool

      • handle FIP in a disk partition (06e69f7)

  • Dependencies

    • Compiler runtime libraries

13.5. 2.8.0 (2022-11-15)

13.5.1. ⚠ BREAKING CHANGES

  • Drivers

    • Arm

      • Ethos-N

        • add support for SMMU streams

          See: add support for SMMU streams (b139f1c)

13.5.2. New Features

  • Architecture

    • pass SMCCCv1.3 SVE hint bit to dispatchers (0fe7b9f)

    • Branch Record Buffer Extension (FEAT_BRBE)

      • add brbe under feature detection mechanism (1298f2f)

    • Confidential Compute Architecture (CCA)

      • introduce new “cca” chain of trust (56b741d)

    • Pointer Authentication Extension

      • add/modify helpers to support QARMA3 (9ff5f75)

    • Trapping support for RNDR/RNDRRS (FEAT_RNG_TRAP)

      • add EL3 support for FEAT_RNG_TRAP (ff86e0b)

    • Scalable Matrix Extension (FEAT_SME)

      • fall back to SVE if SME is not there (26a3351)

    • Scalable Vector Extension (FEAT_SVE)

      • support full SVE vector length (bebcf27)

    • Trace Buffer Extension (FEAT_TRBE)

      • add trbe under feature detection mechanism (47c681b)

  • Platforms

    • Arm

      • add support for cca CoT (f242379)

      • forbid running RME-enlightened BL31 from DRAM (1164a59)

      • provide some swd rotpk files (98662a7)

      • retrieve the right ROTPK for cca (50b4497)

      • CSS

        • add interrupt handler for reboot request (f1fe144)

        • add per-cpu power down support for warm reset (158ed58)

      • FVP

        • add example manifest for TSP (3cf080e)

        • add crypto support in BL31 (c9bd1ba)

        • add plat API to set and get the DRTM error (586f60c)

        • add plat API to validate that passed region is non-secure (d5f225d)

        • add platform hooks for DRTM DMA protection (d72c486)

        • build delegated attestation in BL31 (0271edd)

        • dts: drop 32-bit .dts files (b920330)

        • fdts: update rtsm_ve DT files from the Linux kernel (2716bd3)

        • increase BL31’s stack size for DRTM support (44df105)

        • increase MAX_XLAT_TABLES entries for DRTM support (8a8dace)

        • support building RSS comms driver (29e6fc5)

      • RD

        • RD-N2

          • add a new ‘isolated-cpu-list’ property (afa4157)

          • add SPI ID ranges for RD-N2 multichip platform (9f0835e)

          • enable extended SPI support (108488f)

      • SGI

        • increase memory reserved for bl31 image (a62cc91)

        • read isolated cpu mpid list from sds (4243ef4)

        • add page table translation entry for secure uart (2a7e080)

        • bump bl1 rw size (94df8da)

        • configure SRAM and BL31 size for sgi platform (8fd820f)

        • deviate from arm css common uart related definitions (173674a)

        • enable css implementation of warm reset (18884c0)

        • remove override for ARM_BL31_IN_DRAM build-option (a371327)

        • route TF-A logs via secure uart (0601083)

      • TC

        • add MHU addresses for AP-RSS comms on TC2 (6299c3a)

        • add RSS-AP message size macro (445130b)

        • add RTC PL031 device tree node (a816de5)

        • enable RSS backend based measured boot (6cb5d32)

        • increase maximum BL1/BL2/BL31 sizes (e6c1316)

        • introduce TC2 platform (eebd2c3)

        • move start address for BL1 to 0x1000 (9335c28)

    • HiSilicon

      • HiKey960

        • add a FF-A logical partition (25a357f)

        • add memory sharing hooks for SPMC_AT_EL3 (5f905a2)

        • add plat-defines for SPMC_AT_EL3 (feebd4c)

        • add SP manifest for SPMC_AT_EL3 (6971642)

        • define a datastore for SPMC_AT_EL3 (e618c62)

        • increase secure workspace to 64MB (e0eea33)

        • read serial number from UFS (c371b83)

        • upgrade to xlat_tables_v2 (6cfc807)

    • MediaTek

      • add more flexibility of mtk_pm.c (6ca2046)

      • add more options for build helper (5b95e43)

      • add smcc call for MSDC (4dbe24c)

      • extend SiP vendor subscription events (99d30b7)

      • implement generic platform port (394b920)

      • introduce mtk init framework (52035de)

      • move dp drivers to common folder (d150b62)

      • move lpm drivers back to common (cd7890d)

      • move mtk_cirq.c drivers to cirq folder (cc76896)

      • support coreboot BL31 loading (ef988ae)

      • MT8186

        • add EMI MPU support for SCP and DSP (3d4b6f9)

      • MT8188

    • NXP

      • i.MX

        • i.MX 8M

          • add dram retention flow for imx8m family (c71793c)

          • add support for high assurance boot (720e7b6)

          • add the anamix pll override setting (66d399e)

          • add the ddr frequency change support for imx8m family (9c336f6)

          • add the PU power domain support on imx8mm/mn (44dea54)

          • keep pu domains in default state during boot stage (9d3249d)

          • make psci common code pie compatible (5d2d332)

          • i.MX 8M Nano

            • add BL31 PIE support (62d37a4)

            • add hab and map required memory blocks (b5f06d3)

            • enable dram retention support on imx8mn (2003fa9)

          • i.MX 8M Mini

            • add BL31 PIE support (a8e6a2c)

            • add hab and map required memory blocks (5941f37)

            • enable dram retention support on imx8mm (b7abf48)

          • i.MX 8M Plus

            • add BL31 PIE support (7a443fe)

            • add hab and map required memory blocks (62a93aa)

          • i.MX 8Q

            • add 100us delay after USB OTG SRC bit 0 clear (66345b8)

      • Layerscape

        • LS1043A

          • LS1043ARDB

            • update ddr configure for ls1043ardb-pd (18af644)

    • QEMU

    • QTI

      • fix to support cpu errata (6cc743c)

      • updated soc version for sc7180 and sc7280 (39fdd3d)

    • Socionext

      • Synquacer

    • ST

      • add trace for early console (00606df)

      • enable MMC_FLAG_SD_CMD6 for SD-cards (53d5b8f)

      • properly manage early console (5223d88)

      • search pinctrl node by compatible (b14d3e2)

      • STM32MP1

        • add a check on TRUSTED_BOARD_BOOT with secure chip (54007c3)

        • add a stm32mp crypto library (ad3e46a)

        • add define for external scratch buffer for nand devices (9ee2510)

        • add early console in SP_min (14a0704)

        • add plat_report_*_abort functions (0423868)

        • add RNG initialization in BL2 for STM32MP13 (2742374)

        • add the decryption support (cd79116)

        • add the platform specific build for tools (461d631)

        • add the TRUSTED_BOARD_BOOT support (beb625f)

        • allow to override MTD base offset (e0bbc19)

        • configure the serial boot load address (4b2f23e)

        • extend STM32MP_EMMC_BOOT support to FIP format (95e4908)

        • manage second NAND OTP on STM32MP13 (d3434dc)

        • manage STM32MP13 rev.Y (a3f97f6)

        • optionally use paged OP-TEE (c4dbcb8)

        • remove unused function from boot API (f30034a)

        • retrieve FIP partition by type UUID (1dab28f)

        • save boot auth status and partition info (ab2b325)

        • update ROM code API for header v2 management (89c0774)

        • STM32MP13

          • change BL33 memory mapping (10f6dc7)

        • STM32MP15

          • manage OP-TEE shared memory (722ca35)

    • Texas Instruments

      • K3

        • add support for J784S4 SoCs (4a566b2)

    • Xilinx

      • Versal

        • add infrastructure to handle multiple interrupts (e497421)

        • get the handoff params using IPI (205c7ad)

        • resolve the misra 10.1 warnings (b86e1aa)

        • update macro name to generic and move to common place (f99306d)

        • Versal NET

          • add support for QEMU COSIM platform (6a079ef)

          • add documentation for Versal NET SoC (4efdc48)

          • add SMP support for Versal NET (8529c76)

          • add support for IPI (0bf622d)

          • add support for platform management (0654ab7)

          • add support for Xilinx Versal NET platform (1d333e6)

      • ZynqMP

        • optimization on pinctrl_functions (314f9f7)

        • add support for ProvenCore (358aa6b)

        • add support for xck24 silicon (86869f9)

        • protect eFuses from non-secure access (d0b7286)

        • resolve the misra 10.1 warnings (bfd7c88)

  • Bootloader Images

    • add interface to query TF-A semantic ver (dddf428)

    • BL32

      • TSP

        • add FF-A support to the TSP (4a8bfdb)

        • add ffa_helpers to enable more FF-A functionality (e9b1f30)

        • enable test cases for EL3 SPMC (15ca1ee)

        • increase stack size for tsp (5b7bd2a)

  • Services

    • add a SPD for ProvenCore (b0980e5)

    • RME

      • RMMD

        • add support for RMM Boot interface (8c980a4)

        • add support to create a boot manifest (1d0ca40)

    • SPM

      • add tpm event log node to spmc manifest (054f0fe)

      • SPMD

        • avoid spoofing in FF-A direct request (5519f07)

    • DRTM

      • add a few DRTM DMA protection APIs (2b13a98)

      • add DRTM parameters structure version check (c503ded)

      • add Event Log driver support for DRTM (4081426)

      • add PCR entries for DRTM (ff1e42e)

      • add platform functions for DRTM (2a1cdee)

      • add remediation driver support in DRTM (1436e37)

      • add standard DRTM service (e62748e)

      • check drtm arguments during dynamic launch (40e1fad)

      • ensure that no SDEI event registered during dynamic launch (b1392f4)

      • ensure that passed region lies within Non-Secure region of DRAM (764aa95)

      • flush dcache before DLME launch (67471e7)

      • introduce drtm dynamic launch function (bd6cc0b)

      • invalidate icache before DLME launch (2c26597)

      • prepare DLME data for DLME launch (d42119c)

      • prepare EL state during dynamic launch (d1747e1)

      • retrieve DRTM features (e9467af)

      • take DRTM components measurements before DLME launch (2090e55)

      • update drtm setup function (d54792b)

  • Libraries

    • CPU Support

      • add library support for Hunter ELP (8c87bec)

      • add a64fx cpu to tf-a (74ec90e)

      • make cache ops conditional (04c7303)

      • remove plat_can_cmo check for aarch32 (92f8be8)

      • update doc and check for plat_can_cmo (a2e0123)

    • OP-TEE

    • PSCI

      • add a helper function to ensure that non-boot PEs are offline (ce14a12)

    • C Standard Library

      • introduce __maybe_unused (351f9cd)

    • PSA

      • add delegated attestation partition API (4b09ffe)

      • remove initial attestation partition API (420deb5)

  • Drivers

    • Authentication

      • allow to verify PublicKey with platform format PK (40f9f64)

      • enable MBEDTLS_CHECK_RETURN_WARNING (a4e485d)

      • Crypto

        • update crypto module for DRTM support (e43caf3)

      • mbedTLS

        • update mbedTLS driver for DRTM support (8b65390)

    • I/O

      • MTD

        • add platform function to allow using external buffer (f29c070)

    • MMC

      • get boot partition size (f462c12)

      • manage SD Switch Function for high speed mode (e5b267b)

    • GUID Partition Tables Support

      • allow to find partition by type UUID (564f5d4)

    • SCMI

      • send powerdown request to online secondary cpus (14a2892)

      • set warm reboot entry point (5cf9cc1)

    • Arm

      • Ethos-N

        • add support for SMMU streams (b139f1c)

      • GIC

        • add APIs to raise NS and S-EL1 SGIs (dcb31ff)

        • GICv3

          • validate multichip data for GIC-700 (a78b3b3)

      • RSS

        • add new comms protocols (3125901)

    • ST

      • Crypto

        • add AES decrypt/auth by SAES IP (4bb4e83)

        • add ECDSA signature check with PKA (b0fbc02)

        • add STM32 RNG driver (af8dee2)

        • remove BL32 HASH driver usage (6b5fc19)

        • update HASH for new hardware version used in STM32MP13 (68039f2)

      • SDMMC2

      • UART

        • add initialization with the device tree (d99998f)

        • manage STM32MP_RECONFIGURE_CONSOLE (ea69dcd)

  • Miscellaneous

    • Debug

      • add AARCH32 CP15 fault registers (bb22891)

      • add helpers for aborts on AARCH32 (6dc5979)

    • FDTs

      • STM32MP1

        • add CoT and fuse references for authentication (928fa66)

        • change pin-controller to pinctrl (44fea93)

        • STM32MP13

          • use STM32MP_DDR_S_SIZE in fw-config (936f29f)

        • STM32MP15

          • add Avenger96 board with STM32MP157A DHCOR SoM (51e2230)

          • add support for STM32MP157C based DHCOM SoM on PDK2 board (eef485a)

    • SDEI

      • add a function to return total number of events registered (e6381f9)

    • TBBR

      • increase PK_DER_LEN size (1ef303f)

  • Tools

    • Firmware Image Package Tool

      • add cca, core_swd, plat cert in FIP (147f52f)

    • Certificate Creation Tool

      • define the cca chain of trust (0a6bf81)

      • update for ECDSA brainpoolP256r/t1 support (e78ba69)

  • Dependencies

    • Compiler runtime libraries

      • update compiler-rt source files (8a6a956)

    • libfdt

      • add function to set MAC addresses (1aa7e30)

      • upgrade libfdt source files (94b2f94)

    • zlib

      • update zlib source files (a194255)

13.5.3. Resolved Issues

  • Architecture

    • Performance Monitors Extension (FEAT_PMUv3)

      • add sensible default for MDCR_EL2 (7f85619)

    • Scalable Matrix Extension (FEAT_SME)

  • Platforms

    • Arm

      • FVP

        • fdts: Fix idle-states entry method (0e3d880)

        • fdts: fix memtimer subframe addressing (3fd12bb)

        • fdts: unify and fix PSCI nodes (6b2721c)

      • FVP Versatile Express

        • fdts: Fix vexpress,config-bus subnode names (60da130)

      • Morello

        • dts: add model names (30df890)

        • dts: fix DP SMMU IRQ ordering (fba729b)

        • dts: fix DT node naming (41c310b)

        • dts: fix GICv3 compatible string (982f258)

        • dts: fix SCMI shmem/mboxes grouping (8aeb1fc)

        • dts: fix SMMU IRQ ordering (5016ee4)

        • dts: fix stdout-path target (67a8a5c)

        • dts: remove #a-c and #s-c from memory node (f33e113)

        • dts: use documented DPU compatible string (3169572)

        • move BL31 to run from DRAM space (05330a4)

      • N1SDP

        • add numa node id for pcie controllers (2974d2f)

        • mapping Run-time UART to IOFPGA UART0 (4a81e91)

        • replace non-inclusive terms from dts file (e6ffafb)

      • TC

        • resolve the static-checks errors (066450a)

        • tc2 bl1 start address shifted by one page (8597a8c)

    • Intel

      • fix asynchronous read response by copying data to input buffer (dd7adcf)

      • fix Mac verify update and finalize for return response data (fbf7aef)

    • MediaTek

      • remove unused cold_boot.[c|h] (8cd3b69)

      • switch console to runtime state before leaving BL31 (fcf4dd9)

      • use uppercase for definition (810d568)

      • wrap cold_boot.h with MTK_SIP_KERNEL_BOOT_ENABLE (24476b2)

      • MT8186

        • fix SCP permission (8a998b5)

        • fix EMI_MPU domain setting for DSP (28a8b73)

        • fix the DRAM voltage after the system resumes (600f168)

        • move SSPM base register definition to platform_def.h (2a2b51d)

      • MT8188

        • add mmap entry for CPU idle SRAM (32071c0)

        • refine c-state power domain for extensibility (e35f4cb)

        • refine gic init flow after system resume (210ebbb)

    • NXP

      • i.MX

        • i.MX 8M

          • correct serial output for HAB JR0 (6e24d79)

          • fix dram retention fsp_table access (6c8f523)

          • move caam init after serial init (901d74b)

          • update poweroff related SNVS_LPCR bits only (ad6eb19)

          • i.MX 8Q

            • correct architected counter frequency (21189b8)

    • QEMU

    • QTI

    • Raspberry Pi

      • Raspberry Pi 3

        • tighten platform pwr_domain_pwr_down_wfi behaviour (028c4e4)

    • Renesas

      • R-Car

        • R-Car 3

          • fix RPC-IF device node name (08ae247)

    • Rockchip

      • align fdt buffer on 8 bytes (621acbd)

      • RK3399

        • explicitly define the sys_sleep_flag_sram type (7a5e90a)

    • Socionext

      • Synquacer

    • ST

      • add max size for FIP in eMMC boot part (e7cb4a8)

      • add missing string.h include (0d33d38)

      • STM32MP1

        • enable crash console in FIQ handler (484e846)

        • fdts: stm32mp1: align DDR regulators with new driver (9eed71b)

        • update the FIP load address for serial boot (32f2ca0)

        • STM32MP13

          • correct USART addresses (de1ab9f)

    • Xilinx

      • include missing header (28ba140)

      • miscellaneous fixes for xilinx platforms (bfc514f)

      • remove unnecessary header include (0ee2dc1)

      • update define for ZynqMP specific functions (24b5b53)

      • Versal

        • add SGI register call version check (5897e13)

        • enable a72 erratum 859971 and 1319367 (769446a)

        • fix code indentation issues (72583f9)

        • fix macro coding style issues (80806aa)

        • fix Misra-C violations in bl31_setup and pm_svc_main (68ffcd1)

        • remove clock related macros (47f8145)

        • resolve misra 10.1 warnings (19f92c4)

        • resolve misra 15.6 warnings (1117a16)

        • resolve misra 8.13 warnings (3d2ebe7)

        • resolve the misra 4.6 warnings (f7c48d9)

        • resolve the misra 4.6 warnings (912b7a6)

        • route GIC IPI interrupts during setup (04cc91b)

        • use only one space for indentation (dee5885)

      • Versal NET

        • Enable a78 errata workarounds (bcc6e4a)

        • add default values for silicon (faa22d4)

        • use api_id directly without FUNCID_MASK (b0eb6d1)

      • ZynqMP

        • fix coverity scan warnings (1ac6af1)

        • ensure memory write finish with dsb() (ac6c135)

        • fix for incorrect afi write mask value (4264bd3)

        • move bl31 with DEBUG=1 back to OCM (389594d)

        • move debug bl31 based address back to OCM (0ba3d7a)

        • remove additional 0x in %p print (05a6107)

        • resolve misra 4.6 warnings (cdb6211)

        • resolve misra 8.13 warnings (8695ffc)

        • resolve MISRA-C:2012 R.10.1 warnings (c889088)

        • resolve the misra 4.6 warnings (15dc3e4)

        • resolve the misra 4.6 warnings (ffa9103)

        • resolve the misra 8.6 warnings (7b1a6a0)

  • Bootloader Images

    • BL31

      • allow use of EHF with S-EL2 SPMC (7c2fe62)

      • harden check in delegate_async_ea (d435238)

      • pass the EA bit to ‘delegate_sync_ea’ (df56e9d)

  • Services

    • RME

      • refactor RME fid macros (fb00dc4)

      • relax RME compiler requirements (7670ddb)

      • update FVP platform token (364b4cd)

      • use RMM shared buffer for attest SMCs (dc65ae4)

      • xlat table setup fails for bl2 (e516ba6)

      • RMMD

    • SPM

      • EL3 SPMC

        • check descriptor size for overflow (eed15e4)

        • compute full FF-A V1.1 desc size (be075c3)

        • deadlock when relinquishing memory (ac568b2)

        • error handling in allocation (cee8bb3)

        • fix detection of overlapping memory regions (0dc3518)

        • fix incomplete reclaim validation (c4adbe6)

        • fix location of fragment length check (21ed9ea)

        • fix relinquish validation check (b4c3621)

  • Libraries

    • CPU Support

      • fix cpu version check for Neoverse N2, V1 (03ebf40)

      • workaround for Cortex-A510 erratum 2666669 (afb5d06)

      • workaround for Cortex-A710 2216384 (b781fcf)

      • workaround for Cortex-A710 erratum 2291219 (888eafa)

      • workaround for Cortex-A76 erratum 2743102 (4927309)

      • workaround for Cortex-A77 erratum 2743100 (4fdeaff)

      • workaround for Cortex-A78C erratum 2376749 (5d3c1f5)

      • workaround for Cortex-X3 erratum 2313909 (7954412)

      • workaround for Neoverse N1 erratum 2743102 (8ce4050)

      • workaround for Neoverse-N2 erratum 2326639 (43438ad)

      • workaround for Neoverse-N2 erratum 2388450 (884d515)

      • workaround for Cortex A78C erratum 2242638 (6979f47)

      • workaround for Cortex-A510 erratum 2347730 (11d448c)

      • workaround for Cortex-A510 erratum 2371937 (a67c1b1)

      • workaround for Cortex-A710 erratum 2147715 (3280e5e)

      • workaround for Cortex-A710 erratum 2371105 (3220f05)

      • workaround for Cortex-A77 erratum 2356587 (7bf1a7a)

      • workaround for Cortex-A78C 2132064 (8008bab)

      • workaround for Cortex-A78C erratum 2395411 (4b6f002)

      • workaround for Cortex-X2 erratum 2371105 (bc0f84d)

      • workaround for Neoverse-N2 erratum 2376738 (e6602d4)

      • workaround for Neoverse-V1 erratum 1618635 (14a6fed)

      • workaround for Neoverse-V1 erratum 2294912 (39eb5dd)

      • workaround for Neoverse-V1 erratum 2372203 (57b73d5)

    • EL3 Runtime

      • RAS

        • restrict RAS support for NS world (46cc41d)

        • trap “RAS error record” accesses only for NS (00e8f79)

    • FCONF

      • fix type error displaying disable_auth (381f465)

    • PSCI

      • fix MISRA failure - Memory - illegal accesses (0551aac)

    • GPT

      • correct the GPC enable sequence (14cddd7)

    • C Standard Library

      • pri*ptr macros for aarch64 (d307229)

    • PSA

      • fix Null pointer dereference error (c32ab75)

      • update measured boot handle (4d879e1)

      • add missing semicolon (d219ead)

      • align with original API in tf-m-extras (471c989)

      • extend measured boot logging (901b0a3)

    • Context Management

      • remove explicit ICC_SRE_EL2 register read (2b28727)

    • Semihosting

      • fix seek call failure check (7c49438)

  • Drivers

    • Authentication

      • correct sign-compare warning (ed38366)

    • Measured Boot

      • add SP entries to event_log_metadata (e637a5e)

      • clear the entire digest array of Startup Locality event (70b1c02)

      • fix verbosity level of RSS digests traces (2abd317)

    • MMC

      • remove broken, unsecure, unused eMMC RPMB handling (86b015e)

      • resolve the build error (ccf8392)

    • SCMI

      • base: fix protocol list querying (cad90b5)

      • base: fix protocol list response size (d323f0c)

    • UFS

      • add retries to ufs_read_capacity (28645eb)

      • fix slot base address computation (7d9648d)

      • init utrlba/utrlbau with desc_base (9d6d1a9)

      • point utrlbau to header instead of upiu (9d3f6c4)

      • removes dp and run-stop polling loops (660c208)

      • retry commands on unit attention (3d30955)

    • Arm

      • GIC

        • GICv3

          • fix overflow caused by left shift (6aea762)

          • update the affinity mask to 8 bit (e689048)

          • GIC-600

            • implement workaround to forward highest priority interrupt (e1b15b0)

      • RSS

        • clear the message buffer (e3a6fb8)

        • determine the size of sw_type in RSS mboot metadata (2c8f2a9)

        • fix build issues with comms protocol (ab545ef)

        • reduce input validation for measured boot (13a129e)

        • remove dependency on attestation header (6aa7154)

        • rename AP-RSS message size macro (70247dd)

    • NXP

      • DDR

        • fix firmware buffer re-mapping issue (742c23a)

    • ST

      • Clock

        • correct MISRA C2012 15.6 (56f895e)

        • correctly check ready bit (3b06a53)

  • Miscellaneous

    • AArch64

      • make AArch64 FGT feature detection more robust (c687776)

    • Debug

      • backtrace stack unwind misses lr adjustment (a149eb4)

      • decouple “get_el_str()” from backtrace (0ae4a3a)

    • FDTs

      • STM32MP1

        • STM32MP13

    • Security

      • optimisations for CVE-2022-23960 (e74d658)

  • Documentation

    • document missing RMM-EL3 runtime services (e50fedb)

    • add LTS maintainers (ab0d4d9)

    • update maintainers list (f23ce63)

    • Changelog

      • fix the broken link to commitlintrc.js (c1284a7)

  • Build System

    • disable default PIE when linking (7b59241)

    • discard sections also with SEPARATE_NOBITS_REGION (64207f8)

    • ensure that the correct rule is called for tools (598b166)

    • fix arch32 build issue for clang (94eb127)

    • make TF-A use provided OpenSSL binary (e95abc4)

  • Tools

    • Secure Partition Tool

      • fix concurrency issue for SP packages (0aaa382)

      • operators “is/is not” in sp_mk_gen.py (1a28f29)

      • ‘sp_mk_generator.py’ reference to undef var (0be2475)

  • Dependencies

    • add missing aeabi_memcpy.S (93cec69)

13.6. 2.7.0 (2022-05-20)

13.6.1. New Features

  • Architecture

    • Statistical profiling Extension (FEAT_SPE)

      • add support for FEAT_SPEv1p2 (f20eb89)

    • Branch Record Buffer Extension (FEAT_BRBE)

      • add BRBE support for NS world (744ad97)

    • Extended Cache Index (FEAT_CCIDX)

      • update the do_dcsw_op function to support FEAT_CCIDX (d0ec1cc)

  • Platforms

    • add SZ_* macros (1af59c4)

    • Allwinner

      • add SMCCC SOCID support (436cd75)

      • allow to skip PMIC regulator setup (67412e4)

      • apx803: add aldo1 regulator (a29f6e7)

      • choose PSCI states to avoid translation (159c36f)

      • provide CPU idle states to the rich OS (e2b1877)

      • simplify CPU_SUSPEND power state encoding (52466ec)

    • Arm

      • FVP

        • measure critical data (cf21064)

        • update HW_CONFIG DT loading mechanism (39f0b86)

        • enable RSS backend based measured boot (c44e50b)

      • Morello

        • add changes to enable TBBR boot (4af5397)

        • add DTS for Morello SoC platform (572c8ce)

        • add support for nt_fw_config (6ad6465)

        • add TARGET_PLATFORM flag (8840711)

        • configure DMC-Bing mode (9b8c431)

        • expose scmi protocols in fdts (87639aa)

        • split platform_info sds struct (4a7a9da)

        • zero out the DDR memory space (2d39b39)

      • N1SDP

        • add support for nt_fw_config (cf85030)

        • enable trusted board boot on n1sdp (fe2b37f)

      • RD

        • RD-N2

          • add board support for rdn2cfg2 variant (efeb438)

          • add support for rdedmunds variant (ef515f0)

      • SGI

        • add page table translation entry for secure uart (33d10ac)

        • deviate from arm css common uart related definitions (f2cccca)

        • enable fpregs context save and restore (18fa43f)

        • route TF-A logs via secure uart (987e2b7)

      • TC

      • Corstone-1000

        • identify bank to load fip (cf89fd5)

        • implement platform specific psci reset (a599c80)

        • made changes to accommodate 3MB for optee (854d1c1)

    • Intel

      • add macro to switch between different UART PORT (447e699)

      • add RSU ‘Max Retry’ SiP SMC services (4c26957)

      • add SiP service for DCMF status (984e236)

      • add SMC for enquiring firmware version (c34b2a7)

      • add SMC support for Get USERCODE (93a5b97)

      • add SMC support for HWMON voltage and temp sensor (52cf9c2)

      • add SMC support for ROM Patch SHA384 mailbox (77902fc)

      • add SMC/PSCI services for DCMF version support (44eb782)

      • add SMPLSEL and DRVSEL setup for Stratix 10 MMC (bb0fcc7)

      • add support for F2S and S2F bridge SMC with mask to enable, disable and reset bridge (11f4f03)

      • allow to access all register addresses if DEBUG=1 (7e954df)

      • create source file for firewall configuration (afa0b1a)

      • enable firewall for OCRAM in BL31 (ae19fef)

      • enable SMC SoC FPGA bridges enable/disable (b7f3044)

      • extend attestation service to Agilex family (581182c)

      • implement timer init divider via cpu frequency. (#1) (f65bdf3)

      • initial commit for attestation service (d174083)

      • single certificate feature enablement (7facace)

      • support AES Crypt Service (6726390)

      • support crypto service key operation (342a061)

      • support crypto service session (6dc00c2)

      • support ECDH request (4944686)

      • support ECDSA Get Public Key (d2fee94)

      • support ECDSA HASH Signing (6925410)

      • support ECDSA HASH Verification (7e25eb8)

      • support ECDSA SHA-2 Data Signature Verification (5830506)

      • support ECDSA SHA-2 Data Signing (07912da)

      • support extended random number generation (24f9dc8)

      • support HMAC SHA-2 MAC verify request (c05ea29)

      • support session based SDOS encrypt and decrypt (537ff05)

      • support SHA-2 hash digest generation on a blob (7e8249a)

      • support SiP SVC version (f0c40b8)

      • support version 2 SiP SVC SMC function ID for mailbox commands (c436707)

      • support version 2 SiP SVC SMC function ID for non-mailbox commands (ad47f14)

      • update to support maximum response data size (b703fac)

    • Marvell

      • Armada

        • A3K

          • add north and south bridge reset registers (a4d35ff)

    • MediaTek

      • introduce mtk makefile (500d40d)

      • MT8195

        • apply errata of CA78 for MT8195 (c21a736)

        • add EMI MPU support for SCP and DSP (690cb12)

        • dump EMI MPU configurations (20ef588)

        • improve SPM wakeup log (ab45305)

      • MT8186

    • NXP

      • add SoC erratum a008850 (3d14a30)

      • add ifc nor and nand as io devices (b759727)

      • add RCPM2 registers definition (d374060)

      • add CORTEX A53 helper functions (3ccc8ac)

      • i.MX

        • i.MX 8M

          • add a simple csu driver for imx8m family (71c40d3)

          • add imx csu/rdc enum type defines for imx8m (0c6dfc4)

          • enable conditional build for SDEI (d2a339d)

          • enable the coram_s tz by default on imx8mn/mp (d5ede92)

          • enable the csu init on imx8m (0a76495)

          • do not release JR0 to NS if HAB is using it (77850c9)

          • switch to xlat_tables_v2 (4f8d5b0)

          • i.MX 8M Mini

            • enable optee fdt overlay support (9d0eed1)

            • enable Trusty OS on imx8mm (ff3acfe)

            • add support for measured boot (cb2c4f9)

          • i.MX 8M Plus

            • add trusty for imx8mp (8b9c21b)

            • enable BL32 fdt overlay support on imx8mp (aeff146)

          • i.MX 8M Nano

            • enable optee fdt overlay support (2612891)

            • enable Trusty OS for imx8mn (99349c8)

          • i.MX 8M Q

            • enable optee fdt overlay support (023750c)

            • enable trusty for imx8mq (a18e393)

      • Layerscape

        • add CHASSIS 3 support for tbbr (9550ce9)

        • add new soc errata a009660 support (785ee93)

        • add new soc errata a010539 support (85bd092)

        • add soc helper macro definition for chassis 3 (602cf53)

        • define more chassis 3 hardware address (0d396d6)

        • print DDR errata information (3412716)

        • LS1043A

          • add ls1043a soc support (3b0de91)

          • LS1043ARDB

            • add ls1043ardb board support (e4bd65f)

        • LX2

          • enable DDR errata for lx2 platforms (cd960f5)

        • LS1046A

          • add new SoC platform ls1046a (cc70859)

          • LS1046ARDB

            • add ls1046ardb board support (bb52f75)

          • LS1046AFRWY

            • add ls1046afrwy board support (b51dc56)

          • LS1046AQDS

            • add board ls1046aqds support (16662dc)

        • LS1088A

          • add new SoC platform ls1088a (9df5ba0)

          • LS1088ARDB

            • add ls1088ardb board support (2771dd0)

          • LS1088AQDS

            • add ls1088aqds board support (0b0e676)

    • QEMU

      • add SPMD support with SPMC at S-EL1 (f58237c)

      • add support for measured boot (5e69026)

    • QTI

      • MSM8916

        • allow booting secondary CPU cores (a758c0b)

        • initial platform port (dddba19)

        • setup hardware for non-secure world (af64473)

    • Renesas

      • R-Car

        • R-Car 3

          • modify sequence for update value for WUPMSKCA57/53 (d9912cf)

          • modify type for Internal function argument (ffb725b)

          • update IPL and Secure Monitor Rev.3.0.3 (14d9727)

    • ST

      • add a function to configure console (53612f7)

      • add STM32CubeProgrammer support on UART (fb3e798)

      • add STM32MP_UART_PROGRAMMER target (9083fa1)

      • add early console in BL2 (c768b2b)

      • disable authentication based on part_number (49abdfd)

      • get pin_count from the gpio-ranges property (d0f2cf3)

      • map 2MB for ROM code (1697ad8)

      • protect UART during platform init (acf28c2)

      • update stm32image tool for header v2 (2d8886a)

      • update the security based on new compatible (812daf9)

      • use newly introduced clock framework (33667d2)

      • STM32MP1

        • adaptations for STM32MP13 image header (a530874)

        • add “Boot mode” management for STM32MP13 (296ac80)

        • add a second fixed regulator (225ce48)

        • add GUID values for updatable images (8d6b476)

        • add GUID’s for identifying firmware images to be booted (41bd8b9)

        • add helper to enable high speed mode in low voltage (dea02f4)

        • add logic to pass the boot index to the Update Agent (ba02add)

        • add logic to select the images to be booted (8dd7553)

        • add NVMEM layout compatibility definition (dfbdbd0)

        • add part numbers for STM32MP13 (30eea11)

        • add regulator framework compilation (bba9fde)

        • add sdmmc compatible in platform define (3331d36)

        • add sign-compare warning (c10f3a4)

        • add stm32_get_boot_interface function (a6bfa75)

        • add support for building the FWU feature (ad216c1)

        • add support for reading the metadata partition (0ca180f)

        • add timeout in IO compensation (de02e9b)

        • allow configuration of DDR AXI ports number (88f4fb8)

        • call pmic_voltages_init() in platform init (ffd1b88)

        • chip rev. Z is 0x1001 on STM32MP13 (ef0b8a6)

        • enable BL2_IN_XIP_MEM to remove relocation sections (d958d10)

        • enable format-signedness warning (cff26c1)

        • get CPU info from SYSCFG on STM32MP13 (6512c3a)

        • introduce new flag for STM32MP13 (bdec516)

        • manage HSLV on STM32MP13 (fca10a8)

        • manage monotonic counter (f5a3688)

        • new way to access platform OTP (ae3ce8b)

        • preserve the PLL4 settings for USB boot (bf1af15)

        • register fixed regulator (967a8e6)

        • remove unsupported features on STM32MP13 (111a384)

        • retry 3 times FWU trial boot (f87de90)

        • select platform compilation either by flag or DT (99a5d8d)

        • skip TOS_FW_CONFIG if not in FIP (b706608)

        • stm32mp_is_single_core() for STM32MP13 (7b48a9f)

        • update BACKUP_BOOT_MODE for STM32MP13 (4b031ab)

        • update boot API for header v2.0 (5f52eb1)

        • update CFG0 OTP for STM32MP13 (1c37d0c)

        • update console management for SP_min (aafff04)

        • update IO compensation on STM32MP13 (8e07ab5)

        • update IP addresses for STM32MP13 (52ac998)

        • update memory mapping for STM32MP13 (48ede66)

        • updates for STM32MP13 device tree compilation (d38eaf9)

        • usb descriptor update for STM32MP13 (d59b9d5)

        • use clk_enable/disable functions (c7a66e7)

        • use only one filter for TZC400 on STM32MP13 (b7d0058)

        • warn when debug enabled on secure chip (ac4b8b0)

    • Texas Instruments

      • add enter sleep method (cf5868b)

      • add gic save and restore calls (b40a467)

      • add PSCI handlers for system suspend (2393c27)

      • allow build config of low power mode support (a9f46fa)

      • increase SEC_SRAM_SIZE to 128k (38164e6)

    • Xilinx

      • Versal

        • add SPP/EMU platform support for versal (be73459)

        • add common interfaces to handle EEMI commands (1397967)

        • add SMCCC call TF_A_PM_REGISTER_SGI (fcf6f46)

        • add support to reset SGI (bf70449)

        • add UART1 as console (2c79149)

        • enhance PM_IOCTL EEMI API to support additional arg (d34a5db)

        • get version for ATF related EEMI APIs (da6e654)

        • remove the time stamp configuration (18e2a79)

      • ZynqMP

        • disable the -mbranch-protection flag (67abd47)

        • fix section ‘coherent_ram’ will not fit in region ‘RAM’ (9b4ed0a)

        • add feature check support (223a628)

        • add support to get info of xilfpga (cc077c2)

        • add uart1 as console (ea66e4a)

        • increase the max xlat tables when debug build is enabled (4c4b961)

        • pass ioctl calls to firmware (76ff8c4)

        • pm_api_clock_get_num_clocks cleanup (e682d38)

  • Bootloader Images

    • add XLAT tables symbols in linker script (bb5b942)

    • BL2

      • add support to separate no-loadable sections (96a8ed1)

    • BL31

      • aarch64: RESET_TO_BL31_WITH_PARAMS (25844ff)

  • Services

    • RME

      • add dummy platform token to RMMD (0f9159b)

      • add dummy realm attestation key to RMMD (a043510)

    • SPM

      • update ff-a boot protocol documentation (573ac37)

      • EL3 SPMC

        • allow BL32 specific defines to be used by SPMC_AT_EL3 (2d65ea1)

        • add plat hook for memory transactions (a8be4cd)

        • add EL3 SPMC #defines (44639ab)

        • introduce accessor function to obtain datastore (6a0788b)

        • add FF-A secure partition manager core (5096aeb)

        • add FFA_FEATURES handler (55a2963)

        • add FFA_PARTITION_INFO_GET handler (f74e277)

        • add FFA_RUN handler (aad20c8)

        • add FFA_RX_RELEASE handler (f0c25a0)

        • add function to determine the return path from the SPMC (20fae0a)

        • add helper function to obtain endpoint mailbox (f16b6ee)

        • add helper function to obtain hyp structure (a7c0050)

        • add helper to obtain a partitions FF-A version (c2b1434)

        • add partition mailbox structs (e1df600)

        • add support for direct req/resp (9741327)

        • add support for FF-A power mgmt. messages in the EL3 SPMC (59bd2ad)

        • add support for FFA_MSG_WAIT (c4db76f)

        • add support for FFA_SPM_ID_GET (46872e0)

        • add support for forwarding a secure interrupt to the SP (729d779)

        • add support for handling FFA_ERROR ABI (d663fe7)

        • add support for v1.1 FF-A boot protocol (2e21921)

        • add support for v1.1 FF-A memory data structures (7e804f9)

        • enable building of the SPMC at EL3 (1d63ae4)

        • enable checking of execution ctx count (5b0219d)

        • enable handling FF-A RX/TX Mapping ABIs (1a75224)

        • enable handling FFA_VERSION ABI (0c7707f)

        • enable handling of the NS bit (0560b53)

        • enable parsing of messaging methods from manifest (3de378f)

        • enable parsing of UUID from SP Manifest (857f579)

        • enable the SPMC to pass the linear core ID in a register (f014300)

        • prevent read only xlat tables with the EL3 SPMC (70d986d)

        • support FFA_ID_GET ABI (d5fe923)

        • allow forwarding of FFA_FRAG_RX/TX calls (642db98)

        • enable handling of FF-A SMCs with the SPMC at EL3 (bb01a67)

        • update SPMC init flow to use EL3 implementation (6da7607)

        • add logical partition framework (7affa25)

        • add FF-A memory management code (e0b1a6d)

        • prevent duplicated sharing of memory regions (fef85e1)

        • support multiple endpoints in memory transactions (f0244e5)

      • SPMD

        • forward FFA_VERSION from SPMD to SPMC (9944f55)

        • enable SPMD to forward FFA_VERSION to EL3 SPMC (9576fa9)

        • add FFA_MSG_SEND2 forwarding in SPMD (c2eba07)

        • add FFA_RX_ACQUIRE forwarding in SPMD (d555233)

      • SPM MM

        • add support to save and restore fp regs (15dd6f1)

  • Libraries

    • CPU Support

      • add library support for Poseidon CPU (1471475)

      • add support for Cortex-X1 (6e8eca7)

      • add L1PCTL macro definition for CPUACTLR_EL1 (8bbb1d8)

    • EL3 Runtime

      • add arch-features detection mechanism (6a0da73)

      • replace ARM_ARCH_AT_LEAST macro with FEAT flags (0ce220a)

    • FCONF

      • add a helper to get image index (9e3f409)

      • add NS load address in configuration DTB nodes (ed4bf52)

    • Standard C Library

      • add support for length specifiers (701e94b)

    • PSA

  • Drivers

    • Generic Clock

      • add a minimal clock framework (847c6bc)

    • FWU

      • add a function to pass metadata structure to platforms (9adce87)

      • add basic definitions for GUID handling (19d63df)

      • add platform hook for getting the boot index (40c175e)

      • pass a const metadata structure to platform routines (6aaf257)

      • simplify the assert to check for fwu init (40b085b)

    • Measured Boot

    • GUID Partition Tables Support

      • add a function to identify a partition by GUID (3cb1065)

      • cleanup partition and gpt headers (2029f93)

      • copy the partition GUID into the partition structure (7585ec4)

      • make provision to store partition GUID value (938e8a5)

      • verify crc while loading gpt header (a283d19)

    • Arm

      • GIC

        • allow overriding GICD_PIDR2_GICV2 address (a7521bd)

        • GIC-600AE

          • disable SMID for unavailable blocks (3f0094c)

          • enable all GICD, PPI, ITS SMs (6a1c17c)

          • introduce support for RAS error handling (308dce4)

      • SMMU

        • add SMMU abort transaction function (6c5c532)

        • configure SMMU Root interface (52a314a)

      • MHU

      • RSS

        • add RSS communication driver (ce0c40e)

      • TZC

        • TZC-380

          • add sub-region register definition (fdafe2b)

    • Marvell

      • Armada

        • A3K

          • A3720

            • preserve x1/x2 regs in console_a3700_core_init() (7c85a75)

    • MediaTek

      • APU

        • add mt8195 APU clock and pll SiP call (296b590)

        • add mt8195 APU iommap regions (339e492)

        • add mt8195 APU mcu boot and stop SiP call (88906b4)

    • NXP

      • DCFG

        • add Chassis 3 support (df02aee)

        • add gic address align register definition (3a8c9d7)

        • add some macro definition (1b29fe5)

      • NXP Crypto

      • DDR

        • add rawcard 1F support (f2de48c)

        • add workaround for errata A050958 (291adf5)

      • GIC

        • add some macros definition for gicv3 (9755fd2)

      • CSU

        • add bypass bit mask definition (ec5fc50)

      • IFC NAND

        • add IFC NAND flash driver (28279cf)

      • IFC NOR

        • add IFC nor flash driver (e2fdc77)

      • TZC-380

        • add tzc380 platform driver support (de9e57f)

    • ST

      • introduce fixed regulator driver (5d6a264)

      • Clock

        • add clock driver for STM32MP13 (9be88e7)

        • assign clocks to the correct BL (7418cf3)

        • check HSE configuration in serial boot (31e9750)

        • define secure and non-secure gate clocks (aaa09b7)

        • do not refcount on non-secure clocks in bl32 (3d69149)

        • manage disabled oscillator (bcccdac)

      • DDR

        • add read valid training support (5def13e)

      • GPIO

        • allow to set a gpio in output mode (53584e1)

        • do not apply secure config in BL2 (fc0aa10)

        • add a function to reset a pin (737ad29)

      • SDMMC2

        • allow compatible to be defined in platform code (6481a8f)

        • manage cards power cycle (258bef9)

      • ST PMIC

        • add pmic_voltages_init() function (5278ec3)

        • register the PMIC to regulator framework (85fb175)

      • STPMIC1

      • Regulator

        • add support for regulator-always-on (9b4ca70)

        • add a regulator framework (d5b4a2c)

      • UART

        • manage oversampling by 8 (1f60d1b)

        • add uart driver for STM32MP1 (165ad55)

  • Miscellaneous

    • Debug

      • update print_memory_map.py (d16bfe0)

    • DT Bindings

      • add bindings for STM32MP13 (1b8898e)

      • add TZC400 bindings for STM32MP13 (24d3da7)

    • FDT Wrappers

      • add function to find or add a subnode (dea8ee0)

    • FDTs

      • add the ability to supply idle state information (2b2b565)

      • STM32MP1

        • add DDR support for STM32MP13 (e6fddbc)

        • add DT files for STM32MP13 (3b99ab6)

        • add nvmem_layout node and OTP definitions (ff8767c)

        • add st-io_policies node for STM32MP13 (2bea351)

        • add support for STM32MP13 DK board (2b7f7b7)

        • update NVMEM nodes (375b79b)

  • Documentation

    • context management refactor proposal (3274226)

    • Threat Model

      • Threat Model for TF-A v8-R64 Support (dc66922)

  • Tools

    • Secure Partition Tool

      • add python SpSetupActions framework (b1e6a41)

      • delete c version of the sptool (f4ec476)

      • python version of the sptool (2e82874)

      • use python version of sptool (822c727)

13.6.2. Resolved Issues

  • Architecture

    • Activity Monitors Extension (FEAT_AMU)

      • add default value for ENABLE_FEAT_FGT and ENABLE_FEAT_ECV flags (820371b)

      • fault handling on EL2 context switch (f74cb0b)

      • limit virtual offset register access to NS world (a4c3945)

    • Scalable Vector Extension (FEAT_SVE)

      • disable ENABLE_SVE_FOR_NS for AARCH32 (24ab2c0)

  • Platforms

    • Allwinner

      • improve DTB patching error handling (79808f1)

    • Arm

      • fix fvp and juno build with USE_ROMLIB option (861250c)

      • increase ARM_BL_REGIONS count (dcb1959)

      • remove reclamation of functions starting with “init” (6c87abd)

      • use PLAT instead of TARGET_PLATFORM (c5f3de8)

      • fix SP count limit without dual root CoT (9ce15fe)

      • FVP

        • FCONF Trace Not Shown (0c55c10)

        • disable reclaiming init code by default (fdb9166)

        • extend memory map to include all DRAM memory regions (e803542)

        • fix NULL pointer dereference issue (a42b426)

        • op-tee sp manifest doesn’t map gicd (69cde5c)

      • Morello

        • change the AP runtime UART address (07302a2)

        • fix SoC reference clock frequency (e8b7a80)

        • include errata workaround for 1868343 (f94c84b)

      • SGI

        • disable SVE for NS to support SPM_MM builds (78d7e81)

      • TC

        • remove the bootargs node (68fe3ce)

      • Corstone-1000

        • change base address of FIP in the flash (1559450)

    • Broadcom

      • allow build to specify mbedTLS absolute path (903d574)

      • fix the build failure with mbedTLS config (95b5c01)

    • Intel

      • add flash dcache after return response for INTEL_SIP_SMC_MBOX_SEND_CMD (ac097fd)

      • allow non-secure access to FPGA Crypto Services (FCS) (4837a64)

      • always set doorbell to SDM after sending command (e93551b)

      • assert if bl_mem_params is NULL pointer (35fe7f4)

      • bit-wise configuration flag handling (276a436)

      • change SMC return arguments for INTEL_SIP_SMC_MBOX_SEND_CMD (108514f)

      • configuration status based on start request (e40910e)

      • define macros to handle buffer entries (7db1895)

      • enable HPS QSPI access by default (000267b)

      • extend SDM command to return the SDM firmware version (c026dfe)

      • extending to support large file size for AES encryption and decryption (dcb144f)

      • extending to support large file size for SHA-2 ECDSA data signing and signature verifying (1d97dd7)

      • extending to support large file size for SHA2/HMAC get digest and verifying (70a7e6a)

      • fix bit masking issue in intel_secure_reg_update (c9c0709)

      • fix configuration status based on start request (673afd6)

      • fix ddr address range checker (12d71ac)

      • fix ECC Double Bit Error handling (c703d75)

      • fix fpga config write return mechanism (ef51b09)

      • flush dcache before sending certificate to mailbox (49d44ec)

      • get config status OK status (07915a4)

      • introduce a generic response error code (651841f)

      • make FPGA memory configurations platform specific (f571183)

      • modify how configuration type is handled (ec4f28e)

      • null pointer handling for resp_len (a250c04)

      • refactor NOC header (bc1a573)

      • reject non 4-byte align request size for FPGA Crypto Service (FCS) (52ed157)

      • remove redundant NOC header declarations (58690cd)

      • remove unused printout (0d19eda)

      • update certificate mask for FPGA Attestation (fe5637f)

      • update encryption and decryption command logic (02d3ef3)

      • use macro as return value (e0fc2d1)

    • Marvell

      • Armada

        • A3K

          • change fatal error to warning when CM3 reset is not implemented (30cdbe7)

          • fix comment about BootROM address range (5a60efa)

    • Mediatek

      • MT8186

        • remove unused files in drivers/mcdi (bc714ba)

        • extend MMU region size (0fe7ae9)

    • NVIDIA

      • Tegra

        • Tegra 194

          • remove incorrect erxctlr assert (e272c61)

    • NXP

      • fix total dram size checking (0259a3e)

      • increase soc name maximum length (3ccd7e4)

      • i.MX

        • i.MX 8M

          • check the validation of domain id (eb7fb93)

          • i.MX 8M Plus

            • change the BL31 physical load address (32d5042)

      • Layerscape

        • fix build issue of mmap_add_ddr_region_dynamically (e2818d0)

        • fix coverity issue (5161cfd)

        • update WA for Errata A-050426 (72feaad)

        • LX2

    • Renesas

      • R-Car

        • R-Car 3

          • change stack size of BL31 (d544dfc)

          • fix SYSTEM_OFF processing for R-Car D3 (1b49ba0)

          • fix to bit operation for WUPMSKCA57/53 (82bb6c2)

    • Socionext

      • Synquacer

        • initialise CNTFRQ in Non Secure CNTBaseN (4d4911d)

    • ST

      • add missing header include (b1391b2)

      • don’t try to read boot partition on SD cards (9492b39)

      • fix NULL pointer dereference issues (2deff90)

      • manage UART clock and reset only in BL2 (9e52d45)

      • remove extra chars from dtc version (03d2077)

      • ST32MP1

        • add missing debug.h (356ed96)

        • correct dtc version check (429f10e)

        • correct include order (ff7675e)

        • correct types in messages (43bbdca)

        • deconfigure UART RX pins (d7176f0)

        • do not reopen debug features (21cfa45)

        • fix enum prints (ceab2fc)

        • include assert.h to fix build failure (570c71b)

        • remove interrupt_provider warning for dtc (ca88c76)

        • restrict DEVICE2 mapping in BL2 (db3e0ec)

        • rework switch/case for MISRA (f7130e8)

        • set reset pulse duration to 31ms (9a73a56)

    • Xilinx

      • fix coding style violations (bb1768c)

      • fix mismatching function prototype (81333ea)

      • Versal

        • resolve misra R10.1 in pm services (775bf1b)

        • resolve misra R10.3 (b2bb3ef)

        • resolve misra R10.3 in pm services (5d1c211)

        • resolve misra R10.6 (93d4625)

        • resolve misra R10.6 in pm services (fa98d7f)

        • resolve misra R14.4 (a62c40d)

        • resolve misra R15.6 (b9fa2d9)

        • resolve misra R15.6 in pm services (4156719)

        • resolve misra R15.7 (bc2637e)

        • resolve misra R16.3 in pm services (27ae531)

        • resolve misra R17.7 (526a1fd)

        • resolve misra R20.7 in pm services (5dada62)

        • resolve misra R7.2 (0623dce)

        • fix coverity scan warnings (0b15187)

        • fix the incorrect log message (ea04b3f)

      • ZynqMP

        • define and enable ARM_XLAT_TABLES_LIB_V1 (c884c9a)

        • query node status to power up APU (b35b556)

        • resolve misra 7.2 warnings (5bcbd2d)

        • resolve misra 8.3 warnings (944e7ea)

        • resolve misra R10.3 (2b57da6)

        • resolve misra R14.4 warnings (dd1fe71)

        • resolve misra R15.6 warnings (eb0d2b1)

        • resolve misra R15.7 warnings (16de22d)

        • resolve misra R16.3 warnings (e7e5d30)

        • resolve misra R8.4 warnings (610eeac)

        • update the log message to verbose (1277af9)

        • use common interface for eemi apis (a469c1e)

  • Bootloader Images

    • BL1

      • invalidate SP in data cache during secure SMC (f1cbbd6)

    • BL2

      • correct messages with image_id (e4c77db)

      • define RAM_NOLOAD for XIP (cc562e7)

  • Services

    • RME

      • enable/disable SVE/FPU for Realms (a4cc85c)

      • align RMI and GTSI FIDs with SMCCC (b9fd2d3)

      • preserve x4-x7 as per SMCCCv1.1 (1157830)

      • TRP

        • Distinguish between cold and warm boot (00e8113)

    • SPM

      • EL3 SPMC

        • fix incorrect FF-A version usage (25eb2d4)

        • fix FF-A memory transaction validation (3954bc3)

  • Libraries

    • CPU Support

      • workaround for Cortex-A710 2282622 (ef934cd)

      • workaround for Cortex-A710 erratum 2267065 (cfe1a8f)

      • workaround for Cortex A78 AE erratum 2376748 (92e8708)

      • workaround for Cortex A78 AE erratum 2395408 (3f4d81d)

      • workaround for Cortex X2 erratum 2002765 (34ee76d)

      • workaround for Cortex X2 erratum 2058056 (e16045d)

      • workaround for Cortex X2 erratum 2083908 (1db6cd6)

      • workaround for Cortex-A510 erratum 1922240 (8343563)

      • workaround for Cortex-A510 erratum 2041909 (e72bbe4)

      • workaround for Cortex-A510 erratum 2042739 (d48088a)

      • workaround for Cortex-A510 erratum 2172148 (c0959d2)

      • workaround for Cortex-A510 erratum 2218950 (cc79018)

      • workaround for Cortex-A510 erratum 2250311 (7f304b0)

      • workaround for Cortex-A510 erratum 2288014 (d5e2512)

      • workaround for Cortex-A710 erratum 2008768 (af220eb)

      • workaround for Cortex-A710 erratum 2136059 (8a855bd)

      • workaround for Cortex-A78 erratum 2376745 (5d796b3)

      • workaround for Cortex-A78 erratum 2395406 (3b577ed)

      • workaround for Cortex-X2 errata 2017096 (e7ca443)

      • workaround for Cortex-X2 errata 2081180 (c060b53)

      • workaround for Cortex-X2 erratum 2147715 (63446c2)

      • workaround for Cortex-X2 erratum 2216384 (4dff759)

      • workaround for DSU-110 erratum 2313941 (7e3273e)

      • workaround for Rainier erratum 1868343 (a72144f)

      • workarounds for cortex-x1 errata (7b76c20)

      • use CPU_NO_EXTRA3_FUNC for all variants (b2ed998)

    • EL3 Runtime

      • set unset pstate bits to default (7d33ffe)

      • Context Management

        • add barrier before el3 ns exit (0482503)

        • remove registers accessible only from secure state from EL2 context (7f41bcc)

        • refactor the cm_setup_context function (2bbad1d)

        • remove initialization of EL2 registers when EL2 is used (fd5da7a)

        • add cm_prepare_el3_exit_ns function (8b95e84)

        • refactor initialization of EL1 context registers (b515f54)

    • FCONF

      • correct image_id type in messages (cec2fb2)

    • PSCI

      • correct parent_node type in messages (b9338ee)

    • GPT

      • rework delegating/undelegating sequence (6a00e9b)

    • Translation Tables

      • fix bug on VERBOSE trace (956d76f)

    • Standard C Library

      • correct some messages (a211fde)

      • fix snprintf corner cases (c1f5a09)

      • limit snprintf radix value (b30dd40)

      • snprintf: include stdint.h (410c925)

    • Locks

  • Drivers

    • FWU

      • rename is_fwu_initialized (aae7c96)

    • I/O

      • MTD

        • correct types in messages (6e86b46)

    • Measured Boot

      • add RMM entry to event_log_metadata (f4e3e1e)

    • MTD

      • correct types in messages (6e86b46)

    • SCMI

      • add missing \n in ERROR message (0dc9f52)

      • make msg_header variable volatile (99477f0)

      • use same type for message_id (2355ebf)

    • UFS

      • delete call to inv_dcache_range for utrd (c5ee858)

      • disables controller if enabled (b3f03b2)

      • don’t zero out buf before ufs read (2ef6b8d)

      • don’t zero out the write buffer (cd3ea90)

      • fix cache maintenance issues (38a5ecb)

      • move nutrs assignment to ufs_init (0956319)

      • read and write attribute based on spec (a475518)

    • Arm

      • GIC

        • GICv3

          • fix iroute value wrong issue (65bc2d2)

      • TZC

        • TZC-400

          • correct message with filter (bdc88d2)

    • Marvell

      • COMPHY

        • change reg_set() / reg_set16() to update semantics (95c26d6)

        • Armada 3700

          • drop MODE_REFDIV constant (9fdecc7)

          • fix comment about COMPHY status register (4bcfd8c)

          • fix comments about selector register values (71183ef)

          • fix Generation Setting registers names (e5a2aac)

          • fix PIN_PU_IVREF register name (c9f138e)

          • fix reference clock selection value names (6ba97f8)

          • fix SerDes frequency register value name (bdcf44f)

          • use reg_set() according to update semantics (4d01bfe)

      • Armada

        • A3K

          • A3720

            • configure UART after TX FIFO reset (15546db)

            • do external reset during initialization (0ee80f3)

    • NXP

      • ddr: corrects mapping of HNFs nodes (e3a2349)

      • QSPI

        • fix include path for QSPI driver (ae95b17)

      • NXP Crypto

        • refine code to avoid hang issue for some of toolchain (fa7fdfa)

      • DDR

    • ST

      • Clock

        • check _clk_stm32_get_parent return (b8eab51)

        • correct stm32_clk_parse_fdt_by_name (7417cda)

        • correct types in error messages (44fb470)

        • initialize pllcfg table (175758b)

        • print enums as unsigned (9fa9a0c)

      • DDR

      • FMC

        • fix type in message (afcdc9d)

      • SDMMC2

        • check regulator enable/disable return (d50e7a7)

        • correct cmd_idx type in messages (bc1c98a)

      • ST PMIC

        • add static const to pmic_ops (57e6018)

        • correct verbose message (47065ff)

      • SPI

        • always check SR_TCF flags in stm32_qspi_wait_cmd() (55de583)

        • remove SR_BUSY bit check before sending command (5993b91)

      • UART

        • correctly fill BRR register (af7775a)

    • USB

      • correct type in message (bd9cd63)

  • Miscellaneous

    • AArch64

      • fix encodings for MPAMVPM* registers (e926558)

    • FDTs

      • STM32MP1

        • correct memory mapping for STM32MP13 (99605fb)

        • remove mmc1 alias if not needed (a0e9724)

    • PIE

      • align fixup_gdt_reloc() for aarch64 (5ecde2a)

      • do not skip RW_END address during relocation (4f1a658)

    • Security

      • apply SMCCC_ARCH_WORKAROUND_3 to A73/A75/A72/A57 (9b2510b)

      • loop workaround for CVE-2022-23960 for Cortex-A76 (a10a5cb)

      • report CVE 2022 23960 missing for aarch32 A57 and A72 (2e5d7a4)

      • update Cortex-A15 CPU lib files for CVE-2022-23960 (187a617)

      • workaround for CVE-2022-23960 (c2a1521)

      • workaround for CVE-2022-23960 (1fe4a9d)

      • workaround for CVE-2022-23960 for A76AE, A78AE, A78C (5f802c8)

      • workaround for CVE-2022-23960 for Cortex-A57, Cortex-A72 (be9121f)

      • workaround for CVE-2022-23960 for Cortex-X1 (e81e999)

  • Tools

    • NXP Tools

      • fix create_pbl print log (31af441)

      • fix tool location path for byte_swape (a89412a)

    • Firmware Image Package Tool

      • avoid packing the zero size images in the FIP (ab556c9)

      • respect OPENSSL_DIR (0a956f8)

    • Secure Partition Tool

      • add leading zeroes in UUID conversion (b06344a)

      • update Optee FF-A manifest (ca0fdbd)

    • Certificate Creation Tool

      • let distclean Makefile target remove the cert_create tool (e15591a)

  • Dependencies

    • commitlint

      • change scope-case to lower-case (804e52e)

13.7. 2.6.0 (2021-11-22)

13.7.1. ⚠ BREAKING CHANGES

  • Architecture

    • Activity Monitors Extension (FEAT_AMU)

      • The public AMU API has been reduced to enablement only to facilitate refactoring work. These APIs were not previously used.

        See: privatize unused AMU APIs (b4b726e)

      • The PLAT_AMU_GROUP1_COUNTERS_MASK platform definition has been removed. Platforms should specify per-core AMU counter masks via FCONF or a platform-specific mechanism going forward.

        See: remove PLAT_AMU_GROUP1_COUNTERS_MASK (6c8dda1)

  • Libraries

    • FCONF

      • FCONF is no longer added to BL1 and BL2 automatically when the FCONF Makefile (fconf.mk) is included. When including this Makefile, consider whether you need to add ${FCONF_SOURCES} and ${FCONF_DYN_SOURCES} to BL1_SOURCES and BL2_SOURCES.

        See: clean up source collection (e04da4c)

  • Drivers

    • Arm

      • Ethos-N

        • multi-device support

          See: multi-device support (1c65989)

13.7.2. New Features

  • Architecture

    • Activity Monitors Extension (FEAT_AMU)

      • enable per-core AMU auxiliary counters (742ca23)

    • Support for the HCRX_EL2 register (FEAT_HCX)

      • add build option to enable FEAT_HCX (cb4ec47)

    • Scalable Matrix Extension (FEAT_SME)

      • enable SME functionality (dc78e62)

    • Scalable Vector Extension (FEAT_SVE)

      • enable SVE for the secure world (0c5e7d1)

    • System Register Trace Extensions (FEAT_ETMv4, FEAT_ETE and FEAT_ETEv1.1)

      • enable trace system registers access from lower NS ELs (d4582d3)

      • initialize trap settings of trace system registers access (2031d61)

    • Trace Buffer Extension (FEAT_TRBE)

      • enable access to trace buffer control registers from lower NS EL (813524e)

      • initialize trap settings of trace buffer control registers access (40ff907)

    • Self-hosted Trace Extension (FEAT_TRF)

      • enable trace filter control register access from lower NS EL (8fcd3d9)

      • initialize trap settings of trace filter control registers access (5de20ec)

    • RME

      • add context management changes for FEAT_RME (c5ea4f8)

      • add ENABLE_RME build option and support for RMM image (5b18de0)

      • add GPT Library (1839012)

      • add Realm security state definition (4693ff7)

      • add register definitions and helper functions for FEAT_RME (81c272b)

      • add RMM dispatcher (RMMD) (77c2775)

      • add Test Realm Payload (TRP) (50a3056)

      • add xlat table library changes for FEAT_RME (3621823)

      • disable Watchdog for Arm platforms if FEAT_RME enabled (07e96d1)

      • run BL2 in root world when FEAT_RME is enabled (6c09af9)

  • Platforms

    • Allwinner

    • Arm

      • add FWU support in Arm platforms (2f1177b)

      • add GPT initialization code for Arm platforms (deb4b3a)

      • add GPT parser support (ef1daa4)

      • enable PIE when RESET_TO_SP_MIN=1 (7285fd5)

      • FPGA

        • add ITS autodetection (d7e39c4)

        • add kernel trampoline (de9fdb9)

        • determine GICR base by probing (93b785f)

        • query PL011 to learn system frequency (d850169)

        • support GICv4 images (c69f815)

        • write UART baud base clock frequency into DTB (422b44f)

      • FVP

        • enable external SP images in BL2 config (33993a3)

        • add memory map for FVP platform for FEAT_RME (c872072)

        • add RMM image support for FVP platform (9d870b7)

        • enable trace extension features by default (cd3f0ae)

        • pass Event Log addr and size from BL1 to BL2 (0500f44)

      • FVP-R

        • support for TB-R has been added

        • configure system registers to boot rich OS (28bbbf3)

      • RD

        • RD-N2

          • add support for variant 1 of rd-n2 platform (fe5d5bb)

          • add tzc master source ids for soc dma (3139270)

      • SGI

        • add CPU specific handler for Neoverse N2 (d932a58)

        • add CPU specific handler for Neoverse V1 (cbee43e)

        • increase max BL2 size (7186a29)

        • enable AMU for RD-V1-MC (e8b119e)

        • enable use of PSCI extended state ID format (7bd64c7)

        • introduce platform variant build option (cfe1506)

      • TC

        • enable MPMM (c19a82b)

        • Enable SVE for both secure and non-secure world (10198ea)

        • populate HW_CONFIG in BL31 (34a87d7)

        • introduce TC1 platform (6ec0c65)

        • add DRAM2 to TZC non-secure region (76b4a6b)

        • add bootargs node (4a840f2)

        • add cpu capacity to provide scheduling information (309f593)

        • add Ivy partition (a19bd32)

        • add support for trusted services (ca93248)

        • update Matterhorn ELP DVFS clock index (a2f6294)

        • update mhuv2 dts node to align with upstream driver (63067ce)

      • Diphda

        • adding the diphda platform (bf3ce99)

        • disabling non volatile counters in diphda (7f70cd2)

        • enabling stack protector for diphda (c7e4f1c)

    • Marvell

      • introduce t9130_cex7_eval (d01139f)

      • Armada

        • A8K

          • allow overriding default paths (0b702af)

    • MediaTek

      • enable software reset for CIRQ (b3b162f)

      • MT8192

        • add DFD control in SiP service (5183e63)

      • MT8195

        • add DFD control in SiP service (3b994a7)

        • add display port control in SiP service (7eb4223)

        • remove adsp event from wakeup source (c260b32)

        • add DCM driver (49d3bd8)

        • add EMI MPU basic drivers (75edd34)

        • add SPM suspend driver (859e346)

        • add support for PTP3 (0481896)

        • add vcore-dvfs support (d562130)

        • support MCUSYS off when system suspend (d336e09)

    • NXP

      • add build macro for BOOT_MODE validation checking (cd1280e)

      • add CCI and EPU address definition (6cad59c)

      • add EESR register definition (8bfb168)

      • add SecMon register definition for ch_3_2 (66f7884)

      • define common macro for ARM registers (35efe7a)

      • define default PSCI features if not defined (a204785)

      • define default SD buffer (4225ce8)

      • i.MX

        • i.MX 8M

          • add sdei support for i.MX8MN (ce2be32)

          • add sdei support for i.MX8MP (6b63125)

          • add SiP call for secondary boot (9ce232f)

          • add system_reset2 implementation (60a0dde)

          • i.MX 8M Mini

            • enlarge BL33 (U-boot) size in FIP (d53c9db)

          • i.MX 8M Plus

            • add imx8mp_private.h to the build (91566d6)

            • add in BL2 with FIP (75fbf55)

            • add initial definition to facilitate FIP layout (f696843)

            • enable Trusted Boot (a16ecd2)

      • Layerscape

        • add ls1028a soc and board support (52a1e9f)

        • LX2

          • add SUPPORTED_BOOT_MODE definition (28b3221)

          • LS1028A

            • add ls1028a soc support (9d250f0)

            • LS1028ARDB

              • add ls1028ardb board support (34e2112)

    • QTI

      • SC7280

        • add support for pmk7325 (b8a0511)

        • support for qti sc7280 plat (46ee50e)

    • Renesas

      • R-Car

        • change process for Suspend To RAM (731aa26)

        • R-Car 3

          • add a DRAM size setting for M3N (f95d551)

          • add new board revision for Salvator-XS/H3ULCB (4379a3e)

          • add optional support for gzip-compressed BL33 (ddf2ca0)

          • add process of SSCG setting for R-Car D3 (14f0a08)

          • add process to back up X6 and X7 register’s value (7d58aed)

          • add SYSCEXTMASK bit set/clear in scu_power_up (63a7a34)

          • apply ERRATA_A53_1530924 and ERRATA_A57_1319537 (2892fed)

          • change the memory map for OP-TEE (a4d821a)

          • emit RPC status to DT fragment if RPC unlocked (12c75c8)

          • keep RWDT enabled (8991086)

          • modify LifeC register setting for R-Car D3 (5460f82)

          • modify operation register from SYSCISR to SYSCISCR (d10f876)

          • modify SWDT counter setting for R-Car D3 (053c134)

          • remove access to RMSTPCRn registers in R-Car D3 (71f2239)

          • update DDR setting for R-Car D3 (042d710)

          • update IPL and Secure Monitor Rev.3.0.0 (c5f5bb1)

          • use PRR cut to determine DRAM size on M3 (42ffd27)

    • ST

      • add a new DDR firewall management (4584e01)

      • add a USB DFU stack (efbd65f)

      • add helper to save boot interface (7e87ba2)

      • add STM32CubeProgrammer support on USB (afad521)

      • add STM32MP_EMMC_BOOT option (214c8a8)

      • create new helper for DT access (ea97bbf)

      • implement platform functions for SMCCC_ARCH_SOC_ID (3d20178)

      • improve FIP image loading from MMC (18b415b)

      • manage io_policies with FCONF (d5a84ee)

      • use FCONF to configure platform (29332bc)

      • use FIP to load images (1d204ee)

      • ST32MP1

        • add STM32MP_USB_PROGRAMMER target (fa92fef)

        • add USB DFU support for STM32MP1 (942f6be)

    • Xilinx

      • Versal

        • add support for SLS mitigation (302b4df)

      • ZynqMP

        • add support for runtime feature config (578f468)

        • sync IOCTL IDs (38c0b25)

        • add SDEI support (4143268)

        • add support for XCK26 silicon (7a30e08)

        • extend DT description by TF-A (0a8143d)

  • Bootloader Images

    • import BL_NOBITS_{BASE,END} when defined (9aedca0)

  • Services

    • FF-A

      • adding notifications SMC IDs (fc3f480)

      • change manifest messaging method (bb320db)

      • feature retrieval through FFA_FEATURES call (96b71eb)

      • update FF-A version to v1.1 (e1c732d)

      • add Ivy partition to tb fw config (1bc02c2)

      • add support for FFA_SPM_ID_GET (70c121a)

      • route secure interrupts to SPMC (8cb99c3)

  • Libraries

    • CPU Support

      • add support for Hayes CPU (7bd8dfb)

      • add support for Hunter CPU (fb9e5f7)

      • add support for Demeter CPU (f4616ef)

      • workaround for Cortex A78 AE erratum 1941500 (47d6f5f)

      • workaround for Cortex A78 AE erratum 1951502 (8913047)

    • MPMM

    • OP-TEE

      • introduce optee_header_is_valid() (b84a850)

    • PSCI

      • require validate_power_state to expose CPU_SUSPEND (a1d5ac6)

    • SMCCC

      • add bit definition for SMCCC_ARCH_SOC_ID (96b0596)

  • Drivers

    • FWU

      • add FWU metadata header and build options (5357f83)

      • add FWU driver (0ec3ac6)

      • avoid booting with an alternate boot source (4b48f7b)

      • avoid NV counter upgrade in trial run state (c0bfc88)

      • initialize FWU driver in BL2 (396b339)

      • introduce FWU platform-specific functions declarations (efb2ced)

    • I/O

      • MTD

        • offset management for FIP usage (9a9ea82)

    • Measured Boot

      • add documentation to build and run PoC (a125c55)

      • move init and teardown functions to platform layer (47bf3ac)

      • image hash measurement and recording in BL1 (48ba034)

      • update tb_fw_config with event log properties (e742bcd)

    • MMC

      • boot partition read support (5014b52)

    • MTD

      • NAND

        • count bad blocks before a given offset (bc3eebb)

    • SCMI

      • add power domain protocol (7e4833c)

    • Arm

      • Ethos-N

      • GIC

        • GICv3

          • detect GICv4 feature at runtime (858f40e)

          • introduce GIC component identification (73a643e)

          • multichip: detect GIC-700 at runtime (feb7081)

          • GIC-600AE

            • introduce support for Fault Management Unit (2c248ad)

      • TZC

        • TZC-400

          • update filters by region (ce7ef9d)

    • MediaTek

      • APU

        • add mt8192 APU device apc driver (f46e1f1)

        • add mt8192 APU iommap regions (2671f31)

        • add mt8192 APU SiP call support (ca4c0c2)

        • setup mt8192 APU_S_S_4 and APU_S_S_5 permission (77b6801)

      • EMI MPU

        • add MPU support for DSP (6c4973b)

    • NXP

      • DCFG

      • FLEXSPI

        • add MT35XU02G flash info (a4f5015)

    • Renesas

      • R-Car3

        • add extra offset if booting B-side (993d809)

        • add function to judge a DDR rank (726050b)

    • ST

      • manage boot part in io_mmc (f3d2750)

      • USB

        • add device driver for STM32MP1 (9a138eb)

    • USB

  • Miscellaneous

    • Debug

      • add new macro ERROR_NL() to print just a newline (fd1360a)

    • CRC32

      • Hardware CRC32

        • add support for HW computed CRC (a1cedad)

      • Software CRC32

        • add software CRC32 support (f216937)

    • DT Bindings

      • add STM32MP1 TZC400 bindings (43de546)

    • FDT Wrappers

      • add CPU enumeration utility function (2d9ea36)

    • FDTs

      • add for_each_compatible_node macro (ff76614)

      • introduce wrapper function to read DT UUIDs (d13dbb6)

      • add firewall regions into STM32MP1 DT (86b43c5)

      • add IO policies for STM32MP1 (21e002f)

      • add STM32MP1 fw-config DT files (d9e0586)

      • STM32MP1

        • align DT with latest kernel (e8a953a)

        • delete nodes for non-used boot devices (4357db5)

    • NXP

      • OCRAM

        • add driver for OCRAM initialization (10b1e13)

      • PSCI

        • define CPUECTLR_TIMER_2TICKS (3a2cc2e)

  • Dependencies

    • libfdt

      • also allow changing base address (4d585fe)

13.7.3. Resolved Issues

  • Architecture

  • Platforms

    • print newline before fatal abort error message (a5fea81)

    • Allwinner

      • delay after enabling CPU power (86a7429)

    • Arm

      • correct UUID strings in FVP DT (748bdd1)

      • fix a VERBOSE trace (5869ebd)

      • remove unused memory node (be42c4b)

      • FPGA

        • allow build after MAKE_* changes (9d38a3e)

        • avoid re-linking from executable ELF file (a67ac76)

        • Change PL011 UART IRQ (195381a)

        • limit BL31 memory usage (d457230)

        • reserve BL31 memory (13e16fe)

        • streamline generated axf file (9177e4f)

        • enable AMU extension (d810e30)

        • increase initrd size (c3ce73b)

      • FVP

        • fix fvp_cpu_standby() function (3202ce8)

        • spmc optee manifest remove SMC allowlist (183725b)

        • allow changing the kernel DTB load address (672d669)

        • bump BL2 stack size (d22f1d3)

        • provide boot files via semihosting (749d0fa)

        • OP-TEE SP manifest per latest SPMC changes (b7bc51a)

        • mock support for CCA NV ctr (7423e5e)

      • FVP-R

        • fix compilation error in release mode (7d96e79)

      • Morello

        • initialise CNTFRQ in Non Secure CNTBaseN (7f2d23d)

      • TC

        • enable AMU extension (b5863ca)

        • change UUID to string format (1c19536)

        • remove “arm,psci” from psci node (814646b)

        • remove ffa and optee device tree node (f1b44a9)

        • set cactus-tertiary vcpu count to 1 (05f667f)

      • SGI

        • avoid redefinition of ‘efi_guid’ structure (f34322c)

    • Marvell

      • Check the required libraries before building doimage (dd47809)

      • Armada

        • select correct pcie reference clock source (371648e)

        • fix MSS loader for A8K family (dceac43)

        • A3K

          • disable HANDLE_EA_EL3_FIRST by default (3017e93)

          • enable workaround for erratum 1530924 (975563d)

          • Fix building uart-images.tgz.bin archive (d3f8db0)

          • Fix check for external dependences (2baf503)

          • fix printing info messages on output (9f6d154)

          • update information about PCIe abort hack (068fe91)

          • Remove encryption password (076374c)

        • A8K

          • Add missing build dependency for BLE target (04738e6)

          • Correctly set include directories for individual targets (559ab2d)

          • Require that MV_DDR_PATH is correctly set (528dafc)

          • fix number of CPU power switches. (5cf6faf)

    • MediaTek

      • MT8183

        • fix out-of-bound access (420c26b)

      • MT8195

        • use correct print format for uint64_t (964ee4e)

        • fix error setting for SPM (1f81ccc)

        • extend MMU region size (9ff8b8c)

        • fix coverity fail (85e4d14)

    • NXP

      • i.MX

        • do not keep mmc_device_info in stack (99d37c8)

        • i.MX 8M

          • i.MX 8M Mini

            • fix FTBFS on SPD=opteed (10bfc77)

      • Layerscape

        • LX2

          • LS1028A

            • define endianness of scfg and gpio (2475f63)

            • fix compile error when enable fuse provision (a0da9c4)

    • QEMU

      • (NS_DRAM0_BASE + NS_DRAM0_SIZE) ADDR overflow 32bit (325716c)

      • reboot/shutdown with low to high gpio (bd2ad12)

    • Raspberry Pi

      • Raspberry Pi 4

        • drop /memreserve/ region (5d2793a)

    • Renesas

      • R-Car

        • change process that copies code to system ram (49593cc)

        • fix cache maintenance process of reading cert header (c77ab18)

        • fix to load image when option BL2_DCACHE_ENABLE is enabled (d2ece8d)

        • R-Car 3

          • fix disabling MFIS write protection for R-Car D3 (a8c0c3e)

          • fix eMMC boot support for R-Car D3 (77ab366)

          • fix source file to make about GICv2 (fb3406b)

          • fix version judgment for R-Car D3 (c3d192b)

          • generate two memory nodes for larger than 2 GiB channel 0 (21924f2)

    • Rockchip

      • RK3399

        • correct LPDDR4 resume sequence (2c4b0c0)

        • fix dram section placement (f943b7c)

    • Socionext

      • Synquacer

        • update scmi power domain off handling (f7f5d2c)

    • ST

      • add STM32IMAGE_SRC (f223505)

      • add UART reset in crash console init (b38e2ed)

      • apply security at the end of BL2 (99080bd)

      • correct BSEC error code management (72c7884)

      • correct IO compensation disabling (c2d18ca)

      • correct signedness comparison issue (5657dec)

      • improve DDR get size function (91ffc1d)

      • only check header major when booting (8ce8918)

      • panic if boot interface is wrong (71693a6)

      • remove double space (306dcd6)

      • STM32MP1

        • add bl prefix for internal linker script (7684ddd)

    • Xilinx

      • Versal

        • correct IPI buffer offset (e1e5b13)

        • use sync method for blocking calls (fa58171)

      • ZynqMP

        • use sync method for blocking calls (c063c5a)

  • Services

    • drop warning on unimplemented calls (67fad51)

    • RME

      • fixes a shift by 64 bits bug in the RME GPT library (322b344)

    • SPM

      • do not compile if SVE/SME is enabled (4333f95)

      • error macro to use correct print format (0c23e6f)

      • revert workaround hafnium as hypervisor (3221fce)

      • fixing coverity issue for SPM Core. (f7fb0bf)

  • Libraries

    • LIBC

      • use long for 64-bit types on aarch64 (4ce3e99)

    • CPU Support

      • correct Demeter CPU name (4cb576a)

      • workaround for Cortex A78 erratum 2242635 (1ea9190)

      • workaround for Cortex-A710 erratum 2058056 (744bdbf)

      • workaround for Neoverse V1 erratum 2216392 (4c8fe6b)

      • workaround for Neoverse-N2 erratum 2138953 (ef8f0c5)

      • workaround for Neoverse-N2 erratum 2138958 (c948185)

      • workaround for Neoverse-N2 erratum 2242400 (603806d)

      • workaround for Neoverse-N2 erratum 2242415 (5819e23)

      • workaround for Neoverse-N2 erratum 2280757 (0d2d999)

      • rename Matterhorn, Matterhorn ELP, and Klein CPUs (c6ac4df)

    • EL3 Runtime

      • correct CASSERT for pauth (b4f8d44)

      • fix SVE and AMU extension enablement flags (68ac5ed)

      • random typos in tf-a code base (2e61d68)

      • Remove save/restore of EL2 timer registers (a7cf274)

    • OP-TEE

      • correct signedness comparison (21d2be8)

    • GPT

      • add necessary barriers and remove cache clean (77612b9)

      • use correct print format for uint64_t (2461bd3)

    • Translation Tables

      • remove always true check in assert (74d720a)

  • Drivers

    • Authentication

      • avoid NV counter upgrade without certificate validation (a2a5a94)

      • CryptoCell-713

        • fix a build failure with CC-713 library (e5fbee5)

    • MTD

      • fix MISRA issues and logic improvement (5130ad1)

      • macronix quad enable bit issue (c332740)

      • NAND

        • SPI NAND

          • check correct manufacturer id (4490b79)

          • check that parameters have been set (bc453ab)

    • SCMI

      • entry: add weak functions (b3c8fd5)

      • smt: fix build for aarch64 (0e223c6)

      • mention “SCMI” in driver initialisation message (e0baae7)

      • relax requirement for exact protocol version (125868c)

    • UFS

      • add reset before DME_LINKSTARTUP (905635d)

    • Arm

      • GIC

        • GICv3

          • add dsb in both disable and enable function of gicv3_cpuif (5a5e0aa)

        • GIC-600AE

          • fix timeout calculation (7f322f2)

    • Marvell

      • COMPHY

        • fix name of 3.125G SerDes mode (a669983)

        • Armada 3700

          • configure phy selector also for PCIe (0f3a122)

          • fix address overflow (c074f70)

          • handle failures in power functions (49b664e)

        • CP110

          • fix error code in pcie power on (c0a909c)

      • Armada

        • A3K

          • A3720

            • fix configuring UART clock (b9185c7)

            • fix UART clock rate value and divisor calculation (66a7752)

            • fix UART parent clock rate determination (5a91c43)

    • MediaTek

      • MT8192

        • SPM

          • add missing bit define for debug purpose (310c3a2)

    • NXP

      • FLEXSPI

        • fix warm boot wait time for MT35XU512A (1ff7e46)

      • SCFG

        • fix endianness checking (fb90cfd)

    • Renesas

      • R-Car3

        • console: fix a return value of console_rcar_init (bb273e3)

        • ddr: update DDR setting for H3, M3, M3N (ec767c1)

        • emmc: remove CPG_CPGWPR redefinition (36d5645)

        • fix CPG registers redefinition (0dae56b)

        • i2c_dvfs: fix I2C operation (b757d3a)

    • ST

      • Clock

        • use correct return value (8f97c4f)

        • correctly manage RTC clock source (1550909)

        • fix MCU/AXI parent clock (b8fe48b)

        • fix MPU clock rate (602ae2f)

        • fix RTC clock rating (cbd2e8a)

        • keep RTC clock always on (5b111c7)

        • keep RTCAPB clock always on (373f06b)

        • set other clocks as always on (bf39318)

      • I/O

        • STM32 Image

          • invalidate cache on local buf (a5bcf82)

          • uninitialized variable warning (c1d732d)

      • ST PMIC

        • STPMIC1

          • fix power switches activation (0161991)

          • update error cases return (ed6a852)

      • UART

        • STM32 Console

          • do not skip init for crash console (49c7f0c)

    • USB

      • add an optional ops get_other_speed_config_desc (216c122)

      • fix Null pointer dereferences in usb_core_set_config (0cb9870)

      • remove deadcode when USBD_EP_NB = 1 (7ca4928)

      • remove unnecessary cast (025f5ef)

  • Miscellaneous

    • use correct printf format for uint64_t (4ef449c)

    • FDTs

      • avoid output on missing DT property (49e789e)

      • fix OOB write in uuid parsing function (d0d6424)

      • Morello

        • fix scmi clock specifier to cluster mappings (387a906)

      • STM32MP1

        • correct copyright dates (8d26029)

        • set ETH clock on PLL4P on ST boards (3e881a8)

        • update PLL nodes for ED1/EV1 boards (cdbbb9f)

        • use ‘kHz’ as kilohertz abbreviation (4955d08)

    • PIE

      • invalidate data cache in the entire image range if PIE is enabled (596d20d)

    • SDEI

      • fix assert while kdump issue (d39db26)

      • print event number in hex format (6b94356)

      • set SPSR for SDEI based on TakeException (37596fc)

  • Documentation

    • fix TF-A v2.6 release date in the release information page (c90fa47)

    • fix FF-A substitution (a61940c)

    • fix typos in v2.5 release documentation (481c7b6)

    • remove “experimental” tag for stable features (700e768)

    • Contribution Guidelines

      • fix formatting for code snippet (d0bbe81)

  • Build System

    • use space in WARNINGS list (34b508b)

    • Git Hooks

      • downgrade package-lock.json version (7434b65)

  • Tools

    • SPTOOL

      • SP UUID little to big endian in TF-A build (dcdbcdd)

    • DOIMAGE

      • Fix doimage syntax breaking secure mode build (6d55ef1)

  • Dependencies

    • checkpatch

      • do not check merge commits (77a0a7f)
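
The entry "fix OOB write in uuid parsing function (d0d6424)" above names a bug class that affects any firmware converting textual UUIDs from a device tree or FIP manifest into raw bytes: the parser trusts the input length or the hyphen positions and walks its write index past the 16-byte destination. The following is an added example, not TF-A's own read_uuid() and not the code changed by that commit; the function names uuid_parse_str and uuid_parse_checked are hypothetical and the sample UUID is constructed. It shows the shape of a bounds-safe parser: the input length is checked once, every hyphen offset is verified, every store is guarded by the destination size, and a canary placed behind the 16-byte buffer lets a caller confirm that malformed strings are rejected without any write past the target.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define UUID_STRING_LEN 36U   /* "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" */
#define UUID_BYTES      16U
#define CANARY          0xA5U

/* Map one ASCII hex digit to its value; -1 if the character is not hex. */
static int hex_nibble(char c)
{
	if (c >= '0' && c <= '9') return c - '0';
	if (c >= 'a' && c <= 'f') return c - 'a' + 10;
	if (c >= 'A' && c <= 'F') return c - 'A' + 10;
	return -1;
}

/*
 * Hypothetical parser (not TF-A's read_uuid()): convert a textual UUID into
 * UUID_BYTES raw bytes in dst. Returns 0 on success, -1 on malformed input.
 * The length is checked before any indexing, the loop only reads s[pos] and
 * s[pos + 1] with pos + 1 < UUID_STRING_LEN, and every store is guarded by
 * out < dst_len, so a short, long, or hyphen-misplaced string can never move
 * a write past dst[UUID_BYTES - 1].
 */
int uuid_parse_str(const char *s, size_t s_len, uint8_t *dst, size_t dst_len)
{
	size_t pos = 0, out = 0;

	if (s == NULL || dst == NULL || s_len != UUID_STRING_LEN || dst_len < UUID_BYTES)
		return -1;

	while (pos < UUID_STRING_LEN) {
		/* Hyphens sit at fixed offsets 8, 13, 18 and 23. */
		if (pos == 8 || pos == 13 || pos == 18 || pos == 23) {
			if (s[pos] != '-')
				return -1;
			pos++;
			continue;
		}
		int hi = hex_nibble(s[pos]);
		int lo = hex_nibble(s[pos + 1]);
		if (hi < 0 || lo < 0 || out >= dst_len)
			return -1;
		dst[out++] = (uint8_t)((hi << 4) | lo);
		pos += 2;
	}
	return (out == UUID_BYTES) ? 0 : -1;
}

/* Constructed sample UUID (not taken from any TF-A FIP or manifest). */
const char SAMPLE_UUID_STR[] = "00112233-4455-6677-8899-aabbccddeeff";
const uint8_t SAMPLE_UUID_BYTES[UUID_BYTES] = {
	0x00, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77,
	0x88, 0x99, 0xaa, 0xbb, 0xcc, 0xdd, 0xee, 0xff,
};

/*
 * Parse s into a 16-byte buffer that is followed by 4 canary bytes.
 * Returns  1 if the input parsed and equals expected with the canary intact,
 *          0 if the parser rejected the input and the canary is intact,
 *         -1 if any canary byte was overwritten (an out-of-bounds write).
 */
int uuid_parse_checked(const char *s, const uint8_t *expected)
{
	uint8_t buf[UUID_BYTES + 4];
	int rc;

	memset(buf, CANARY, sizeof(buf));
	rc = uuid_parse_str(s, strlen(s), buf, UUID_BYTES);

	for (size_t i = UUID_BYTES; i < sizeof(buf); i++)
		if (buf[i] != CANARY)
			return -1;
	if (rc != 0)
		return 0;
	return (expected != NULL && memcmp(buf, expected, UUID_BYTES) == 0) ? 1 : 0;
}

int main(void)
{
	printf("valid:            %d\n", uuid_parse_checked(SAMPLE_UUID_STR, SAMPLE_UUID_BYTES));
	printf("too short:        %d\n", uuid_parse_checked("00112233-4455-6677-8899-aabbccddeef", NULL));
	printf("too long:         %d\n", uuid_parse_checked("00112233-4455-6677-8899-aabbccddeeff00", NULL));
	printf("hyphen misplaced: %d\n", uuid_parse_checked("0011223-34455-6677-8899-aabbccddeeff", NULL));
	printf("non-hex digit:    %d\n", uuid_parse_checked("0011223g-4455-6677-8899-aabbccddeeff", NULL));
	return 0;
}
```

The canary is the check a reviewer would want for this class of fix: a parser that only fails on "obviously" bad input is not enough, because the oversized and hyphen-shifted cases are exactly the ones that turn a 36-character expectation into a write at dst[16] and beyond.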

13.8. 2.5.0 (2021-05-17)

13.8.1. New Features

  • Architecture support

    • Added support for speculation barrier (FEAT_SB) for non-Armv8.5 platforms starting from Armv8.0

    • Added support for Activity Monitors Extension version 1.1 (FEAT_AMUv1p1)

    • Added helper functions for Random number generator (FEAT_RNG) registers

    • Added support for Armv8.6 Multi-threaded PMU extensions (FEAT_MTPMU)

    • Added support for MTE Asymmetric Fault Handling extensions (FEAT_MTE3)

    • Added support for Privileged Access Never extensions (FEAT_PANx)

  • Bootloader images

    • Added PIE support for AArch32 builds

    • Enable Trusted Random Number Generator service for BL32(sp_min)

  • Build System

    • Added build option for Arm Feature Modifiers

  • Drivers

    • Added support for interrupts in TZC-400 driver

    • Broadcom

      • Added support for I2C, MDIO and USB drivers

    • Marvell

      • Added support for secure read/write of dfc register-set

      • Added support for thermal sensor driver

      • Implement a3700_core_getc API in console driver

      • Added rx training on 10G port

    • Marvell Mochi

      • Added support for cn913x in PCIe mode

    • Marvell Armada A8K

      • Added support for TRNG-IP-76 driver and accessing RNG register

    • Mediatek MT8192

      • Added support for following drivers

        • MPU configuration for SCP/PCIe

        • SPM suspend

        • Vcore DVFS

        • LPM

        • PTP3

        • UART save and restore

        • Power-off

        • PMIC

        • CPU hotplug and MCDI support

        • SPMC

        • MPU

    • Mediatek MT8195

      • Added support for following drivers

        • GPIO, NCDI, SPMC drivers

        • Power-off

        • CPU hotplug, reboot and MCDI

        • Delay timer and sys timer

        • GIC

    • NXP

      • Added support for

        • non-volatile storage API

        • chain of trust and trusted board boot using two modes: MBEDTLS and CSF

        • fip-handler necessary for DDR initialization

        • SMMU and console drivers

        • crypto hardware accelerator driver

        • following drivers: SD, EMMC, QSPI, FLEXSPI, GPIO, GIC, CSU, PMU, DDR

        • NXP Security Monitor and SFP driver

        • interconnect config APIs using ARM CCN-CCI driver

        • TZC APIs to configure DDR region

        • generic timer driver

        • Device configuration driver

    • IMX

      • Added support for image loading and io-storage driver for TBBR fip booting

    • Renesas

      • Added support for PFC and EMMC driver

      • RZ Family:

        • G2N, G2E and G2H SoCs

          • Added support for watchdog, QoS, PFC and DRAM initialization

      • RZG Family:

        • G2M

          • Added support for QoS and DRAM initialization

    • Xilinx

      • Added JTAG DCC support for Versal and ZynqMP SoC family.

  • Libraries

    • C standard library

      • Added support to print % in snprintf() and printf() APIs

      • Added support for strtoull, strtoll, strtoul, strtol APIs from FreeBSD project

    • CPU support

      • Added support for

        • Cortex-A78C CPU

        • Makalu ELP CPU

        • Makalu CPU

        • Matterhorn ELP CPU

        • Neoverse-N2 CPU

    • CPU Errata

      • Arm Cortex-A76: Added workaround for erratum 1946160

      • Arm Cortex-A77: Added workaround for erratum 1946167

      • Arm Cortex-A78: Added workaround for erratum 1941498 and 1951500

      • Arm Neoverse-N1: Added workaround for erratum 1946160

    • Flattened device tree (libfdt)

      • Added support for wrapper function to read UUIDs in string format from dtb

  • Platforms

    • Added support for MediaTek MT8195

    • Added support for Arm RD-N2 board

    • Allwinner

      • Added support for H616 SoC

    • Arm

      • Added support for GPT parser

      • Protect GICR frames for fused/unused cores

    • Arm Morello

      • Added VirtIO network device to Morello FVP fdts

    • Arm RD-N2

      • Added support for variant 1 of RD-N2 platform

      • Enable AMU support

    • Arm RD-V1

      • Enable AMU support

    • Arm SGI

      • Added support for platform variant build option

    • Arm TC0

      • Added Matterhorn ELP CPU support

      • Added support for opteed

    • Arm Juno

      • Added support to use hw_config in BL31

      • Use TRNG entropy source for SMCCC TRNG interface

      • Condition Juno entropy source with CRC instructions

    • Marvell Mochi

      • Added support for detection of secure mode

    • Marvell ARMADA

      • Added support for new compile option A3720_DB_PM_WAKEUP_SRC

      • Added support doing system reset via CM3 secure coprocessor

      • Made several makefile enhancements required to build WTMI_MULTI_IMG and TIMDDRTOOL

      • Added support for building DOIMAGETOOL tool

      • Added new target mrvl_bootimage

    • Mediatek MT8192

      • Added support for rtc power off sequence

    • Mediatek MT8195

      • Added support for SiP service

    • STM32MP1

      • Added support for

        • Seeed ODYSSEY SoM and board

        • SDMMC2 and I2C2 pins in pinctrl

        • I2C2 peripheral in DTS

        • PIE for BL32

        • TZC-400 interrupt management

        • Linux Automation MC-1 board

    • Renesas RZG

      • Added support for identifying EK874 RZ/G2E board

      • Added support for identifying HopeRun HiHope RZ/G2H and RZ/G2H boards

    • Rockchip

      • Added support for stack protector

    • QEMU

      • Added support for max CPU

      • Added Cortex-A72 support to virt platform

      • Enabled trigger reboot from secure pl061

    • QEMU SBSA

      • Added support for sbsa-ref Embedded Controller

    • NXP

      • Added support for warm reset to retain ddr content

      • Added support for image loader necessary for loading fip image

      • lx2160a SoC Family

        • Added support for

          • new platform lx2160a-aqds

          • new platform lx2160a-rdb

          • new platform lx2162a-aqds

          • errata handling

    • IMX imx8mm

      • Added support for trusted board boot

    • TI K3

      • Added support for lite device board

      • Enabled Cortex-A72 erratum 1319367

      • Enabled Cortex-A53 erratum 1530924

    • Xilinx ZynqMP

      • Added support for PS and system reset on WDT restart

      • Added support for error management

      • Enable support for log messages necessary for debug

      • Added support for PM API SMC call for efuse and register access

  • Processes

    • Introduced process for platform deprecation

    • Added documentation for TF-A threat model

    • Provided a copy of the MIT license to comply with the license requirements of the arm-gic.h source file (originating from the Linux kernel project and re-distributed in TF-A).

  • Services

    • Added support for TRNG firmware interface service

    • Arm

      • Added SiP service to configure Ethos-N NPU

    • SPMC

      • Added documentation for SPM(Hafnium) SMMUv3 driver

    • SPMD

      • Added support for

        • FFA_INTERRUPT forwarding ABI

        • FFA_SECONDARY_EP_REGISTER ABI

        • FF-A v1.0 boot time power management, SPMC secondary core boot and early run-time power management

  • Tools

    • FIPTool

      • Added mechanism to allow platform specific image UUID

    • git hooks

      • Added support for conventional commits through commitlint hook, commitizen hook and husky configuration files.

    • NXP tool

      • Added support for a tool that creates pbl file from BL2

    • Renesas RZ/G2

      • Added tool support for creating bootparam and cert_header images

    • CertCreate

      • Added support for platform-defined certificates, keys, and extensions using the platform’s makefile

    • shared tools

      • Added EFI_GUID representation to uuid helper data structure

13.8.2. Changed

  • Common components

    • Print newline after hex address in aarch64 el3_panic function

    • Use proper #address-cells and #size-cells for reserved-memory in dtbs

  • Drivers

    • Move SCMI driver from ST platform directory and make it common to all platforms

    • Arm GICv3

      • Shift eSPI register offset in GICD_OFFSET_64()

      • Use mpidr to probe GICR for current CPU

    • Arm TZC-400

      • Adjust filter tag if it is set to FILTER_BIT_ALL

    • Cadence

      • Enhance UART driver APIs to put characters to fifo

    • Mediatek MT8192

      • Move timer driver to common folder

      • Enhanced sys_cirq driver to add more IC services

    • Renesas

      • Move ddr and delay driver to common directory

    • Renesas rcar

      • Treat log as device memory in console driver

    • Renesas RZ Family:

      • G2N and G2H SoCs

        • Select MMC_CH1 for eMMC channel

    • Marvell

      • Added support for checking if TRNG unit is present

    • Marvell A3K

      • Set TXDCLK_2X_SEL bit during PCIe initialization

      • Set mask parameter for every reg_set call

    • Marvell Mochi

      • Added missing stream IDs configurations

    • MbedTLS

      • Migrated to Mbed TLS v2.26.0

    • IMX imx8mp

      • Change the bl31 physical load address

    • QEMU SBSA

      • Enable secure variable storage

    • SCMI

      • Update power domain protocol version to 2.0

    • STM32

      • Remove dead code from nand FMC driver

  • Libraries

    • C Standard Library

      • Use macros to reduce duplicated code between snprintf and printf

    • CPU support

      • Sanity check pointers before use in AArch32 builds

      • Arm Cortex-A78

        • Remove rainier cpu workaround for erratum 1542319

      • Arm Makalu ELP

        • Added “_arm” suffix to Makalu ELP CPU lib

  • Miscellaneous

    • Editorconfig

      • set max line length to 100

  • Platforms

    • Allwinner

      • Added reserved-memory node to DT

      • Express memmap more dynamically

      • Move SEPARATE_NOBITS_REGION to platforms

      • Limit FDT checks to reduce code size

      • Use CPUIDLE hardware when available

      • Allow conditional compilation of SCPI and native PSCI ops

      • Always use a 3MHz RSB bus clock

      • Enable workaround for Cortex-A53 erratum 1530924

      • Fixed non-default PRELOADED_BL33_BASE

      • Leave CPU power alone during BL31 setup

      • Added several psci hooks enhancements to improve system shutdown/reset sequence

      • Return the PMIC to I2C mode after use

      • Separate code to power off self and other CPUs

      • Split native and SCPI-based PSCI implementations

    • Allwinner H6

      • Added R_PRCM security setup for H6 board

      • Added SPC security setup for H6 board

      • Use RSB for the PMIC connection on H6

    • Arm

      • Store UUID as a string, rather than ints

      • Replace FIP base and size macro with a generic name

      • Move compile time switch from source to dt file

      • Don’t provide NT_FW_CONFIG when booting hafnium

      • Do not setup ‘disabled’ regulator

      • Increase SP max size

      • Remove false dependency of ARM_LINUX_KERNEL_AS_BL33 on RESET_TO_BL31 and allow it to be enabled independently

    • Arm FVP

      • Do not map GIC region in BL1 and BL2

    • Arm Juno

      • Refactor juno_getentropy() to return 64 bits on each call

    • Arm Morello

      • Remove “virtio-rng” from Morello FVP

      • Enable virtIO P9 device for Morello fvp

    • Arm RDV1

      • Allow all PSCI callbacks on RD-V1

      • Rename rddaniel to rdv1

    • Arm RDV1MC

      • Rename rddanielxlr to rdv1mc

      • Initialize TZC-400 controllers

    • Arm TC0

      • Updated GICR base address

      • Use scmi_dvfs clock index 1 for cores 4-7 through fdt

      • Added reserved-memory node for OP-TEE fdts

      • Enabled Theodul DSU in TC platform

      • OP-TEE as S-EL1 SP with SPMC at S-EL2

      • Update Matterhorn ELP DVFS clock index

    • Arm SGI

      • Allow access to TZC controller on all chips

      • Define memory regions for multi-chip platforms

      • Allow access to nor2 flash and system registers from S-EL0

      • Define default list of memory regions for DMC-620 TZC

      • Improve macros defining cper buffer memory region

      • Refactor DMC-620 error handling SMC function id

      • Refactor SDEI specific macros

      • Added platform id value for RDN2 platform

      • Refactored header file inclusions and inclusion of memory mapping

    • Arm RDN2

      • Allow usage of secure partitions on RDN2 platform

      • Update GIC redistributor and TZC base address

    • Arm SGM775

      • Deprecate Arm sgm775 FVP platform

    • Marvell

      • Increase TX FIFO EMPTY timeout from 2ms to 3ms

      • Update delay code to be compatible with 1200 MHz CPU

    • Marvell ARMADA

      • Postpone MSS CPU startup to BL31 stage

      • Allow builds without MSS support

      • Use MSS SRAM in secure mode

      • Added missing FORCE, .PHONY and clean targets

      • Cleanup MSS SRAM if used for copy

      • Move definition of mrvl_flash target to common marvell_common.mk file

      • Show informative build messages and blank lines

    • Marvell ARMADA A3K

      • Added a new target mrvl_uart which builds UART image

      • Added checks that WTP, MV_DDR_PATH and CRYPTOPP_PATH are correctly defined

      • Allow use of the system Crypto++ library

      • Build $(WTMI_ENC_IMG) in $(BUILD_PLAT) directory

      • Build intermediate files in $(BUILD_PLAT) directory

      • Build UART image files directly in $(BUILD_UART) subdirectory

      • Correctly set DDR_TOPOLOGY and CLOCKSPRESET for WTMI

      • Do not use ‘echo -e’ in Makefile

      • Improve 4GB DRAM usage from 3.375 GB to 3.75 GB

      • Remove unused variable WTMI_SYSINIT_IMG from Makefile

      • Simplify check if WTP variable is defined

      • Split building $(WTMI_MULTI_IMG) and $(TIMDDRTOOL)

    • Marvell ARMADA A8K

      • Allow CP1/CP2 mapping at BLE stage

    • Mediatek MT8183

      • Added timer V20 compensation

    • Nvidia Tegra

      • Rename SMC API

    • TI K3

      • Make plat_get_syscnt_freq2 helper check CNT_FID0 register

      • Fill non-message data fields in sec_proxy with 0x0

      • Update ti_sci_msg_req_reboot ABI to include domain

      • Enable USE_COHERENT_MEM only for the generic board

      • Explicitly map SEC_SRAM_BASE to 0x0

      • Use BL31_SIZE instead of computing

      • Define the correct number of max table entries and increase SRAM size to account for additional table

    • Raspberry Pi4

      • Switch to gicv2.mk and GICV2_SOURCES

    • Renesas

      • Move headers and assembly files to common folder

    • Renesas rzg

      • Added device tree memory node enhancements

    • Rockchip

      • Switch to using common gicv3.mk

    • STM32MP1

      • Set BL sizes regardless of flags

    • QEMU

      • Include gicv2.mk for compiling GICv2 source files

      • Change DEVICE2 definition for MMU

      • Added helper to calculate the position shift from MPIDR

    • QEMU SBSA

      • Include libraries for Cortex-A72

      • Increase SHARED_RAM_SIZE

      • Added support in spm_mm for up to 512 cores

      • Added support for topology handling

    • QTI

      • Mandate SMC implementation

    • Xilinx

      • Rename the IPI CRC checksum macro

      • Use -fno-jump-tables flag in CPPFLAGS

    • Xilinx versal

      • Added the IPI CRC checksum macro support

      • Mark IPI calls secure/non-secure

      • Enable sgi to communicate with linux using IPI

      • Remove Cortex-A53 compilation

    • Xilinx ZynqMP

      • Configure counter frequency during initialization

      • Filter errors related to clock gate permissions

      • Implement pinctrl request/rel